spring-boot-loader-tools is vulnerable to symlink privilege escalation attacks. The run_user
can overwrite and take over ownership of any file on the system by using a symlink attack. The application must be installed as a service and the run_user
must have shell access in order to successfully complete an attack.