linuxserver / docker-nzbget

GNU General Public License v3.0

Unrar exploit fix - Update base nzbget code to 21.0-testing-r2302 #74

Closed shorty88 closed 5 years ago

shorty88 commented 5 years ago

Update to newest nzbget version for unrar exploit fix

The newest nzbget pre-release version patches unrar to version 5.7 to fix the exploit documented here: https://research.checkpoint.com/extracting-code-execution-from-winrar/

I believe the testing branch should be updated to the new version of nzbget to patch the issue, or minimally update the unrar version to 5.7 beta 1 or above.

thelamer commented 5 years ago

We use Alpine system packages for the unrar binary in this container. There are no CVEs for this package, and if there were, upstream would patch this before we even had a chance to take corrective action. You are referring to an exploit specific to a Windows program and a Windows DLL.