pf4j before 20c2f80 has a path traversal vulnerability in the extract() function of Unzip.java, where improper handling of zip entry names can allow directory traversal or Zip Slip attacks, due to a lack of proper path normalization and validation.
3.6.0+dfsg-23.6.0+dfsg-32.3.0+dfsg-22.3.0+dfsg-33.10.0+dfsg-13.9.0+dfsg-22.3.0+dfsg-32.3.0+dfsg-43.12.0+dfsg-12.3.0+dfsg-53.12.0+dfsg-13.13.0+dfsg-13.13.0+dfsg-1ubuntu13.13.0+dfsg-22.3.0+dfsg-52.3.0+dfsg-6Exploitability
AV:NAC:LPR:NUI:NScope
S:UImpact
C:NI:NA:HCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H