The fileutil subpackage in github.com/duke-git/lancet is vulnerable to path traversal. The vulnerability exists in the UnZip
function in file.go
due to a ZipSlip vulnerability which allows an attacker to create files outside the designated target directory using malicious zip file names.