It was reported that cpio is vulnerable to a directory traversal
vulnerability when using the --no-absolute-filenames option. While
extracting an archive, it will extract symlinks and then follow them if
they are referenced in further entries. This can be exploited by a rogue
archive to write to files outside the current directory.