Miggo Logo
Miggo Vulnerability Database
CVE-2024-39705

CVE-2024-39705: ntlk unsafe deserialization vulnerability

7.5

CVSS Score
3.1

Basic Information

CVE ID
CVE-2024-39705
GHSA ID
GHSA-cgvx-9447-vcch
EPSS Score
0.80147%
CWE
CWE-300
Published
6/28/2024
Updated
1/21/2025
KEV Status
No
Technology
TechnologyPython

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
nltkpip< 3.93.9

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from NLTK's use of pickle to deserialize model files downloaded via its data package system. Key evidence includes:

  1. The patch explicitly removes pickled model support
  2. CWE-502 (Deserialization) is listed
  3. The affected components (averaged_perceptron_tagger/punkt) are model loaders
  4. The nltk.data.load function is the primary deserialization entry point
  5. PerceptronTagger.load is specifically mentioned in documentation as using pickled models
  6. The exploit requires both download functionality (which fetches untrusted data) and deserialization (which executes code)

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

NLTK t*rou** *.*.* *llows r*mot* *o** *x**ution i* untrust** p**k***s **v* pi*kl** Pyt*on *o**, *n* t** int**r*t** **t* p**k*** *ownlo** *un*tion*lity is us**. T*is *****ts, *or *x*mpl*, *v*r****_p*r**ptron_t****r *n* punkt.

Reasoning

T** vuln*r**ility st*ms *rom NLTK's us* o* pi*kl* to **s*ri*liz* mo**l *il*s *ownlo**** vi* its **t* p**k*** syst*m. K*y *vi**n** in*lu**s: *. T** p*t** *xpli*itly r*mov*s pi*kl** mo**l support *. *W*-*** (**s*ri*liz*tion) is list** *. T** *****t** *