Decebals

**Name of the Vulnerable Software and Affected Versions** pf4j versions 3.9.0 and earlier **Description** An issue in pf4j allows a remote attacker to obtain sensitive information and execute arbitrary code via the `expandIfZip` method in the extract function. **Recommendations** For pf4j versions 3.9.0 and earlier, consider disabling the `expandIfZip` method in the extract function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.