Information disclosure via path traversal vulnerability
Summary
NLTK version 3.9.4 is vulnerable to a path traversal attack due to an incomplete fix for GitHub Issue #3504. The `_UNSAFE_NO_PROTOCOL_RE` regex in `nltk/data.py` checks for literal `../` sequences but fails to account for percent-encoded traversal sequences such as `..%2f`. The `url2pathname()` function decodes these sequences after the validation step, allowing an attacker to bypass the protection. This vulnerability enables an attacker to read arbitrary files accessible to the Python process by controlling the resource name parameter passed to `nltk.data.load()` or `nltk.data.find()`. The issue affects applications that rely on NLTK for resource loading, including NLP web applications, Jupyter notebooks, and CLI tools. The default `pathsec.ENFORCE=False` setting exacerbates the impact by not blocking the file read at the `open()` stage. A flaw was found in NLTK. An attacker can exploit a path traversal vulnerability by providing specially crafted input to `nltk.data.load()` or `nltk.data.find()`. This allows the attacker to read arbitrary files accessible to the Python process, leading to information disclosure. The vulnerability arises from an incomplete fix that fails to account for percent-encoded traversal sequences. A path traversal flaw was found in NLTK's resource loading functions (nltk.data.load() and nltk.data.find()). The vulnerability allows arbitrary file reads when an attacker can control the resource_name parameter by using percent-encoded path separators to bypass validation. In Red Hat products where NLTK is bundled (OpenShift AI, OpenShift Lightspeed, Ansible Automation Platform), the resource loading functions are typically used internally to load pre-packaged NLP models and corpora. Exploitation requires that untrusted user input is passed directly to these functions without additional sanitization. Red Hat severity: Important — CVSS 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Weakness: CWE-22. No fixing RHSA erratum has published yet; monitor the Red Hat CVE page and patch when it ships. Will not fix / out of support: Red Hat Ansible Automation Platform 2.
Mitigation checklist
- Do not pass untrusted or user-controlled input directly to nltk.data.load() or nltk.data.find(). Validate and sanitize any resource name parameter before use, rejecting values containing percent-encoded characters (%2f, %2e) or path traversal sequences. As defense-in-depth, set nltk.pathsec.ENFORCE = True in application code to enable file-read restrictions at the open stage (disabled by default).
Official advisory · high-confidence parse· fetched 5 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.