Problem
IO.unzip currently has zip-slip vulnerability, which can write arbitrary files on the machine using specially crafted zip archive that holds path traversal file names.
Solution
This replicates the fix originally sent to plex-archiver by Snyk Team.
Fixes https://github.com/sbt/io/issues/358 Ref https://github.com/codehaus-plexus/plexus-archiver/pull/87
Problem IO.unzip currently has zip-slip vulnerability, which can write arbitrary files on the machine using specially crafted zip archive that holds path traversal file names.
Solution This replicates the fix originally sent to plex-archiver by Snyk Team.