CVE-2024-39705 Information

Description

NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code and the integrated data package download functionality is used. This affects for example averaged_perceptron_tagger and punkt.

Reference

https://github.com/nltk/nltk/issues/3266 https://github.com/nltk/nltk/issues/2522