7.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2021-3828

GHSA ID

GHSA-2ww3-fxvq-293j

EPSS Score

0.61861%

CWE

CWE-697

Published

9/29/2021

Updated

10/7/2024

KEV Status

Technology

Python

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2021-3828

CVE-2021-3828: NLTK Vulnerable to REDoS

The nltk package is vulnerable to ReDoS (regular expression denial of service). An attacker that is able to provide as an input to the [_read_comparison_block()(https://github.com/nltk/nltk/blob/23f4b1c4b4006b0cb3ec278e801029557cec4e82/nltk/corpus/reader/comparative_sents.py#L259) function in the file nltk/corpus/reader/comparative_sents.py may cause an application to consume an excessive amount of CPU.

(GitHub Advisory)

7.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2021-3828

GHSA ID

GHSA-2ww3-fxvq-293j

EPSS Score

0.61861%

CWE

CWE-697

Published

9/29/2021

Updated

10/7/2024

KEV Status

Technology

Python

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
nltk	pip	< 3.6.4	3.6.4

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

T** nltk p**k*** is vuln*r**l* to R**oS (r**ul*r *xpr*ssion **ni*l o* s*rvi**). *n *tt**k*r t**t is **l* to provi** *s *n input to t** [`_r***_*omp*rison_*lo*k()`(*ttps://*it*u*.*om/nltk/nltk/*lo*/****************************************/nltk/*orpus/

Reasoning

No *n*lysis *v*il**l*

7.5

Basic Information

Concerned about an active attack path?

CVE-2021-3828: NLTK Vulnerable to REDoS

7.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI