An issue exists in the tar crate prior to 0.4.16 for Rust. Arbitrary file overwrite can occur via a symlink or hardlink in a TAR archive.
tar project tar