Ernkastel

**Name of the Vulnerable Software and Affected Versions** OpenViking versions prior to 0.2.1 **Description** The software contains a path traversal issue in the handling of .ovpack imports. This allows attackers to write files outside the intended import directory. Attackers can create malicious ZIP archives with traversal sequences, absolute paths, or drive prefixes in member names to overwrite or create arbitrary files with the importing process privileges. **Recommendations** Update to version 0.2.1 or later.