Akhil Jain

**Name of the Vulnerable Software and Affected Versions** one-java-agent-plugin versions all **Description** The issue allows for Arbitrary File Write via Archive Extraction (Zip Slip) using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.exe). The attacker can overwrite executable files and either invoke them remotely or wait for the system or user to call them, thus achieving remote command execution on the victim’s machine. **Recommendations** For all versions, consider restricting the use of archive extraction functionality until a patch is available. As a temporary workaround, avoid using the one-java-agent-plugin package with untrusted archives to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.