PT-2019-3241 · Nltk +2 · Nltk Downloader +2
Name of the Vulnerable Software and Affected Versions: NLTK Downloader versions prior to 3.4.5 Description: The issue is related to a directory traversal vulnerability, allowing attackers to write arbitrary files via a ../ dot dot slash in an NLTK package ZIP archive that is mishandled during...