Unknown · Decompress · CVE-2020-12265
**Name of the Vulnerable Software and Affected Versions**
decompress versions prior to 4.2.1
**Description**
The issue allows arbitrary file write through directory traversal: an archive member whose path contains `../`, used together with a symlink, can be written outside the extraction directory. This occurs because the package fails to prevent extraction of files with relative paths, allowing attackers to write to any folder in the system by including filenames containing `../`.
**Recommendations**
Upgrade to version 4.2.1 or later. As a temporary workaround, consider restricting the use of the decompress package until the issue is resolved. Avoid using the decompress package to extract archives that may contain symlinks or relative paths.
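Where archives from untrusted sources must still be handled, member paths and symlink targets can be validated before anything is written to disk. The check below is an added example, not code from the decompress project or its 4.2.1 fix; the entry shape (`path`, `type`, `linkname`), the function names and the sample listing are assumptions made for illustration. It inspects only the archive listing and does not account for symlinks already present in the destination directory.

```javascript
const path = require('path').posix; // archive member names use '/' separators

// True when `target` is `root` itself or lies underneath it.
function isInside(root, target) {
  const rel = path.relative(root, target);
  return rel !== '..' && !rel.startsWith('../') && !path.isAbsolute(rel);
}

// entries: [{ path, type, linkname }] from an archive listing (assumed shape).
// Returns [{ path, reason }] for every member to reject before extraction.
function findUnsafeEntries(entries, destDir) {
  const root = path.resolve(destDir);
  const links = new Set(); // locations of symlinks declared earlier in the archive
  const unsafe = [];
  for (const entry of entries) {
    const full = path.resolve(root, entry.path);
    if (path.isAbsolute(entry.path) || !isInside(root, full)) {
      unsafe.push({ path: entry.path, reason: 'path escapes destination' });
      continue;
    }
    // Conservative: refuse any member placed below a symlink from the same
    // archive, since the write would land wherever that link points.
    let viaLink = false;
    for (let dir = path.dirname(full); dir.length > root.length; dir = path.dirname(dir)) {
      if (links.has(dir)) { viaLink = true; break; }
    }
    if (viaLink) {
      unsafe.push({ path: entry.path, reason: 'written through archive symlink' });
      continue;
    }
    if (entry.type === 'symlink') {
      links.add(full);
      const target = path.resolve(path.dirname(full), entry.linkname || '');
      if (!isInside(root, target)) {
        unsafe.push({ path: entry.path, reason: 'symlink target escapes destination' });
      }
    }
  }
  return unsafe;
}

// Constructed sample listing, not taken from a real archive.
const SAMPLE_ENTRIES = [
  { path: 'docs/readme.txt', type: 'file' },
  { path: '../outside.txt', type: 'file' },
  { path: 'link', type: 'symlink', linkname: '/tmp' },
  { path: 'link/file.txt', type: 'file' },
  { path: '..notes/ok.txt', type: 'file' },
];
```

An archive for which `findUnsafeEntries` returns a non-empty list should be rejected as a whole rather than partially extracted.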