EPSS
Percentile
16.3%
NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averaged_perceptron_tagger and punkt.
github.com/nltk/nltk/issues/2522
github.com/nltk/nltk/issues/3266
www.vicarius.io/vsociety/posts/rce-in-python-nltk-cve-2024-39705-39706