OWASP Dependency-Check prior to 3.2.0 allows malicious users to write to arbitrary files via a crafted archive that holds directory traversal filenames.
owasp dependency-check