Unknown · Internetarchive · CVE-2025-58438
**Name of the Vulnerable Software and Affected Versions**
internetarchive versions 5.5.0 and below
**Description**
The internetarchive library contains a directory traversal vulnerability in the `File.download()` method. The method does not properly sanitize user-supplied filenames or validate the final download path. A maliciously crafted filename containing path traversal sequences (e.g., `../../../../windows/system32/file.txt`) or illegal characters could allow an attacker to write files outside the intended target directory. This could lead to a denial of service, privilege escalation, or remote code execution. All operating systems are affected, with a potentially higher risk for Windows systems.
**Recommendations**
Update to internetarchive version 5.5.1 or later.
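The two checks the description says are missing (sanitizing the filename and validating the final download path) can be sketched as follows. This is an added example, not the internetarchive project's code or its 5.5.1 fix; `safe_download_path` and `UnsafeFilename` are hypothetical names, and the sample filenames are constructed.

```python
import re
import tempfile
from pathlib import Path

# Characters Windows rejects in file names, plus ASCII control characters.
ILLEGAL_CHARS = re.compile(r'[<>:"|?*\x00-\x1f]')


class UnsafeFilename(ValueError):
    """Raised when a remote file name cannot be mapped safely under dest_dir."""


def safe_download_path(dest_dir, remote_name):
    """Return the resolved local path for remote_name, guaranteed inside dest_dir."""
    if remote_name.startswith(("/", "\\")):
        raise UnsafeFilename(f"absolute path: {remote_name!r}")
    # Split on both separators on every OS, so "..\\.." is caught on POSIX too.
    parts = [p for p in re.split(r"[\\/]+", remote_name) if p not in ("", ".")]
    if not parts:
        raise UnsafeFilename("empty file name")
    for part in parts:
        if part == "..":
            raise UnsafeFilename(f"traversal sequence in {remote_name!r}")
        if ILLEGAL_CHARS.search(part):
            raise UnsafeFilename(f"illegal character in {remote_name!r}")
    base = Path(dest_dir).resolve()
    candidate = base.joinpath(*parts).resolve()
    # Validate the final path, not just the name: a symlink already inside
    # dest_dir could still redirect the write somewhere else.
    if base not in candidate.parents:
        raise UnsafeFilename(f"{remote_name!r} resolves outside {base}")
    return candidate


if __name__ == "__main__":
    dest = tempfile.mkdtemp()  # stand-in for the intended target directory
    # Constructed sample names; the second is the pattern quoted in the description.
    for name in ["scans/page_001.jp2", "../../../../windows/system32/file.txt",
                 "..\\..\\notes.txt", "C:\\Temp\\x.txt", "/etc/cron.d/job"]:
        try:
            print("ok      ", safe_download_path(dest, name))
        except UnsafeFilename as exc:
            print("rejected", exc)
```

The check does not cover Windows reserved device names such as `NUL` or names ending in a dot or space, which need their own rule.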