Gnome · File Roller · CVE-2019-16680
Name of the Vulnerable Software and Affected Versions:
GNOME file-roller versions prior to 3.29.91
Description:
The issue allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction. It stems from the `sanitize filename` function in `src/glib-utils.c`, whose check for entries that escape the extraction directory is insufficient: a leading "./" component is not collapsed before the "../" check, so an entry such as ./../name is written one level above the directory the user chose. The attack requires a victim to extract a specially crafted TAR archive with file-roller; an attacker who can deliver such an archive can overwrite a file in the parent of the extraction directory, which may destroy user data or configuration and thereby cause a denial of service.
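The difference between a prefix check and a component-wise check, as an added illustration for this page (this is not file-roller's code; `naive_is_safe` is a simplified stand-in for the kind of check that misses "./../", not a copy of the vulnerable function, and `is_safe_archive_path` is the check a practitioner would want in its place):

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Illustrative naive check (written for this page, not file-roller's code):
 * rejects absolute paths and a leading "../", but "./../" slips through
 * because the first component is "." rather than "..". */
bool naive_is_safe(const char *name)
{
    if (name[0] == '/')
        return false;
    if (strcmp(name, "..") == 0 || strncmp(name, "../", 3) == 0)
        return false;
    return true;
}

/* Component-wise check: walk the path and track the depth below the
 * extraction root. "" and "." leave the depth unchanged, ".." decrements
 * it, anything else increments it. If the depth ever goes negative, the
 * entry would land outside the extraction directory, regardless of how
 * many "./" or "a/../" detours precede the escaping "..". */
bool is_safe_archive_path(const char *name)
{
    int depth = 0;
    const char *p = name;

    if (*p == '/')              /* absolute paths never stay under the root */
        return false;

    while (*p != '\0') {
        const char *end = strchr(p, '/');
        size_t len = end ? (size_t)(end - p) : strlen(p);

        if (len == 0 || (len == 1 && p[0] == '.')) {
            /* "" (from "//") or "." : no change in depth */
        } else if (len == 2 && p[0] == '.' && p[1] == '.') {
            if (--depth < 0)
                return false;
        } else {
            depth++;
        }
        p = end ? end + 1 : p + len;
    }
    return true;
}

int main(void)
{
    /* Constructed sample entry names, as they might appear in a TAR header. */
    const char *names[] = {
        "docs/readme.txt",      /* ordinary entry */
        "dir/../file.txt",      /* ".." that stays under the root */
        "../.bashrc",           /* caught by both checks */
        "./../.bashrc",         /* the CVE-2019-16680 shape: only the
                                   component-wise check rejects it */
        "a/b/../../../x",       /* deeper escape */
        "/etc/passwd",          /* absolute path */
    };
    size_t n = sizeof(names) / sizeof(names[0]);

    printf("%-20s %-6s %s\n", "entry", "naive", "component-wise");
    for (size_t i = 0; i < n; i++)
        printf("%-20s %-6s %s\n", names[i],
               naive_is_safe(names[i]) ? "ok" : "REJECT",
               is_safe_archive_path(names[i]) ? "ok" : "REJECT");
    return 0;
}
```

The component-wise check only addresses lexical traversal; an archive can also plant a symlink pointing outside the extraction directory and then write through it with a later entry, so an extractor must additionally refuse to follow symlinks it has just created (or resolve the final path and compare it against the root) before writing.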
Recommendations:
For versions prior to 3.29.91, update to version 3.29.91 or later, which corrects the check. Until the update is applied, avoid extracting TAR archives from untrusted sources with file-roller; if extraction is unavoidable, extract into a dedicated subdirectory of an empty scratch directory, so that an entry escaping one level up lands in an empty parent rather than in a directory containing real files.