ansible is vulnerable to path traversal. The vulnerability exists as it does not properly normalize the file path to ensure that the file in the archive does not escape the extraction path.
bugzilla.redhat.com/show_bug.cgi?id=1802154
bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1737
github.com/ansible/ansible/commit/6a92599fb68c00a29c77312dd3843f6395115dd8
github.com/ansible/ansible/issues/67795
github.com/ansible/ansible/pull/67799
lists.fedoraproject.org/archives/list/[email protected]/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/
lists.fedoraproject.org/archives/list/[email protected]/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/
lists.fedoraproject.org/archives/list/[email protected]/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/
security.gentoo.org/glsa/202006-11