Compressing Vulnerable to Arbitrary File Write via Symlink Extraction
compressing restores symlinks from TAR archives without validating their targets. By combining a malicious symlink with a subsequent file entry, an attacker can redirect extracted files to arbitrary locations on the host.