io.spinnaker.clouddriver:clouddriver-appengine is vulnerable to path traversal. The utility to extract files locally for deployment does not validate the paths, allowing a local attacker to override files on a particular container resulting in path traversal vulnerability. Man in the middle attacks may also be possible by replacing libraries or injecting wrapper files.