Csirttrizna

**Name of the Vulnerable Software and Affected Versions** python-libarchive versions 4.2.1 and earlier **Description** The issue allows directory traversal, enabling the creation of files in extract in zip.py for `ZipFile.extractall` and `ZipFile.extract` functions. This can be exploited to create files outside the intended directory. **Recommendations** For python-libarchive versions 4.2.1 and earlier, consider updating to a version that contains a fix for this issue. As a temporary workaround, restrict the use of the `ZipFile.extractall` and `ZipFile.extract` functions until a patch is available. Avoid using these functions with untrusted zip files to minimize the risk of exploitation.