Rapid7 · Metasploit Framework · CVE-2019-5624
**Name of the Vulnerable Software and Affected Versions**
Rapid7 Metasploit Framework 4.14.0 and earlier
**Description**
The Zip import function of Metasploit improperly limits a pathname to a restricted directory, a flaw also known as path traversal. This can allow an attacker to execute arbitrary code in Metasploit at the privilege level of the user running Metasploit.
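A destination check of the kind that blocks Zip path traversal during an import, written in Ruby because Metasploit is a Ruby code base. This is an added example, not Metasploit's code or Rapid7's fix; `safe_extract_path`, `audit_entries`, the `/tmp/import` destination and the sample entry names are hypothetical.

```ruby
# Added example: every name here is hypothetical, not Metasploit's own code.
class UnsafeEntryError < StandardError; end

# Resolve a Zip entry name against dest_dir and return the absolute target
# path, or raise if the entry would be written outside dest_dir.
def safe_extract_path(dest_dir, entry_name)
  raise UnsafeEntryError, 'empty entry name' if entry_name.nil? || entry_name.empty?
  raise UnsafeEntryError, 'NUL byte in entry name' if entry_name.include?("\0")

  # Zip names use "/", but archives built on Windows may carry "\".
  normalized = entry_name.gsub('\\', '/')

  # Reject absolute paths and drive-letter prefixes outright.
  if normalized.start_with?('/') || normalized.match?(/\A[A-Za-z]:/)
    raise UnsafeEntryError, "absolute path: #{entry_name}"
  end

  root = File.expand_path(dest_dir)
  # Join first so a leading "~" in the entry name is never home-expanded.
  target = File.expand_path(File.join(root, normalized))

  # Compare with a trailing separator so "/tmp/import-evil" does not pass
  # as being inside "/tmp/import".
  unless target == root || target.start_with?(root + File::SEPARATOR)
    raise UnsafeEntryError, "escapes destination: #{entry_name}"
  end
  target
end

# Classify a list of entry names without touching the filesystem.
def audit_entries(dest_dir, names)
  names.map do |name|
    begin
      safe_extract_path(dest_dir, name)
      [name, :ok]
    rescue UnsafeEntryError
      [name, :rejected]
    end
  end.to_h
end

# Constructed sample entry names (not taken from any real archive).
SAMPLE_NAMES = ['loot/creds.txt', '../../.ssh/config', '/etc/cron.d/job',
                '..\\..\\x', 'a/../../import-evil/f', 'a/../b.xml'].freeze
```

The check is lexical only: it does not resolve symlinks, so an importer that extracts symlink entries needs to handle those separately.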
**Recommendations**
For Rapid7 Metasploit Framework 4.14.0 and earlier, update to a version that includes the fix for the Zip import function vulnerability.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.