Vulnerability Report: Arbitrary File Write via Symlinks in extract-zip #149

@lilify-jp

@max-mapper

I've removed the technical details from this issue for responsible disclosure.

This is a high-severity symlink validation vulnerability.

Could you please contact me to discuss this privately? I have:

  • Full technical analysis
  • Working proof-of-concept
  • Suggested patch

How would you prefer to receive the details?

  • GitHub discussions
  • Email
  • Other secure channel

Thank you for your attention to this matter.
