hadoop-fips-3.3.6
Chainguard
Improper Limitation of a Pathname to a Restricted Directory in plexus-archiver
plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.