WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the ‘Zip Slip’ vulnerability.
access.redhat.com/errata/RHSA-2018:2276
access.redhat.com/errata/RHSA-2018:2277
access.redhat.com/errata/RHSA-2018:2279
access.redhat.com/errata/RHSA-2018:2423
access.redhat.com/errata/RHSA-2018:2424
access.redhat.com/errata/RHSA-2018:2425
access.redhat.com/errata/RHSA-2018:2428
access.redhat.com/errata/RHSA-2018:2643
access.redhat.com/errata/RHSA-2019:0877
bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10862
snyk.io/research/zip-slip-vulnerability