ansible is vulnerable to directory traversal. When extracting a collection of .tar.gz
file, neither install()
nor the called _extract_tar_file()
performs any validation or sanitization of the filenames. This allows a malicious collection of .tar.gz
file to be written in arbitrary location on the file system.