github.com/ipfs/go-ipfs is vulnerable to path traversal. The use of whyrusleeping/tar-utils which fails to validate tarPath
when a get is done on an malicious DAG file allows overwritting of files or writing to incorrect destination folders during retrieval.