Uriyay-Jfrog

**Name of the Vulnerable Software and Affected Versions** Plexis Archiver versions prior to 4.8.0 **Description** The issue arises when using AbstractUnArchiver for extracting an archive, potentially leading to arbitrary file creation and possibly remote code execution. This occurs when an archive entry already exists in the destination directory as a symbolic link whose target does not exist. The `resolveFile()` function returns the symlink's source instead of its target, passing the verification that ensures the file will not be extracted outside of the destination directory. Later, `Files.newOutputStream()`, which follows symlinks by default, writes the entry's content to the symlink's target. This vulnerability affects users who extract untrusted archives using Plexis Archiver. Technical details include the use of `Files.newOutputStream()` which follows symlinks by default, and the `resolveFile()` function which may return the symlink's source instead of its target. The `checkCanonicalFile()` method is also relevant, as it checks if the resolved path of the extracted file doesn't escape the destination directory. **Recommendations** To resolve the issue, update to version 4.8.0 or later, as it contains a patch for this issue. For versions prior to 4.8.0, as a temporary workaround, consider disabling the use of AbstractUnArchiver for extracting untrusted archives until a patch is available. Restrict access to the vulnerable `resolveFile()` function to minimize the risk of exploitation. Avoid using `Files.newOutputStream()` on untrusted archives until the issue is resolved.