In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.
Path Traversal
Ark
Debian Linux
Fedora
Leap
+1
NVD
GitHub
CVSS 3.1
3.3
EPSS
1.7%