Extract · Textract · CVE-2024-47877
**Name of the Vulnerable Software and Affected Versions**
Extract versions prior to 4.0.0
**Description**
A maliciously crafted archive may allow an attacker to create a symlink outside the extraction target directory. This issue can be exploited by using a specially crafted archive in zip, tar.gz, or tar.bz2 formats.
**Recommendations**
For versions prior to 4.0.0, upgrade to version 4.0.0 or later. If using the `extract.Extractor.FS` interface, implement the new methods that have been added to the `/v4` interface, including `Remove(path string) error`, `Stat(name string) (os.FileInfo, error)`, and `Chmod(name string, mode os.FileMode) error`. For users not using the `extract.Extractor.FS` interface, simply change the import to `/v4` to upgrade.
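The symlink condition in the description can also be checked before an archive is unpacked. The following is an added example, not code from the Extract project: it walks a tar stream and reports entries whose path or symlink target resolves outside the destination. The names `AuditTar`, `escapes`, `SampleTar` and the destination `/srv/unpack` are assumptions made for illustration, and only uncompressed tar is covered.

```go
package main

import (
	"archive/tar"
	"bytes"
	"fmt"
	"io"
	"path/filepath"
	"strings"
)

// escapes reports whether p, after lexical cleaning, lies outside root.
func escapes(root, p string) bool {
	rel, err := filepath.Rel(root, filepath.Clean(p))
	return err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// AuditTar lists entries whose path, or whose symlink target, falls outside dest.
func AuditTar(r io.Reader, dest string) ([]string, error) {
	var bad []string
	tr := tar.NewReader(r)
	for {
		h, err := tr.Next()
		if err == io.EOF {
			return bad, nil
		} else if err != nil {
			return bad, err
		}
		path, target, sym := filepath.Join(dest, h.Name), h.Linkname, h.Typeflag == tar.TypeSymlink
		if sym && !filepath.IsAbs(target) {
			target = filepath.Join(filepath.Dir(path), target) // relative to the link's own directory
		}
		if escapes(dest, path) || (sym && escapes(dest, target)) {
			bad = append(bad, h.Name)
		}
	}
}

// SampleTar builds a constructed archive: a file, a link that stays inside, a link that does not.
func SampleTar() []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	tw.WriteHeader(&tar.Header{Name: "docs/readme.txt", Typeflag: tar.TypeReg})
	tw.WriteHeader(&tar.Header{Name: "docs/latest", Typeflag: tar.TypeSymlink, Linkname: "readme.txt"})
	tw.WriteHeader(&tar.Header{Name: "docs/up", Typeflag: tar.TypeSymlink, Linkname: "../../outside"})
	tw.Close()
	return buf.Bytes()
}

func main() { fmt.Println(AuditTar(bytes.NewReader(SampleTar()), "/srv/unpack")) }
```

The check is purely lexical: it does not resolve links that already exist on disk or that earlier entries would create, so it complements the upgrade to 4.0.0 rather than replacing it.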