The vulnerability of the _unzip_iter() function in the natural language processing and statistical processing library NLTK allows a hacker to write arbitrary files.

The vulnerability of the unzipiter function in the natural language processing and statistical processing library NLTK is related to an incorrect limitation on the path name for the restricted-access directory. Exploiting this vulnerability could allow a malicious actor to write arbitrary files...