nltk Arbitrary File Read Vulnerability in the filestring() Function

A vulnerability exists in the filestring() function of the nltk.util module, specifically in nltk version 3.9.2. This vulnerability allows arbitrary file reading due to inadequate validation of input paths. The function opens files based on user-supplied input without proper sanitization, enabling access to sensitive system files by providing absolute or traversal paths. The issue can be exploited both locally and remotely, particularly when the function is used in web APIs or other interfaces that accept user input.

Impact

Exploitation of this vulnerability could lead to unauthorized access and disclosure of sensitive system files.

Reproduction

The vulnerability can be reproduced by calling the filestring() function with an absolute path to a sensitive file, such as '/etc/passwd' on Linux or a file in the Windows System32 directory. This can also be done through a web API that accepts file path inputs, allowing an attacker to read arbitrary files from the server.

Remediation

Users are advised to update to a patched version of nltk that includes proper input validation in the filestring() function.