Critical Severity
aim
Arbitrary File Overwrite via Malicious Tarfile Extraction
A vulnerability in version 3.19.3 allows an attacker to exploit the `tarfile.extractall()` function to overwrite arbitrary files on the host server. This issue was patched in a subsequent release.
Available publicly on Aug 02 2024
Threat Overview
The vulnerability arises from the use of the `tarfile.extractall()` function, which can be exploited to extract files to arbitrary locations on the host server. An attacker can craft a malicious tarfile with paths that traverse directories, allowing them to overwrite critical files on the server. This can lead to unauthorized access, data corruption, or further exploitation of the server.
Attack Scenario
An attacker creates a malicious tarfile with paths designed to traverse directories and overwrite critical files. They host this tarfile on a malicious server and force the target tracking server to mount the directory containing the tarfile. By manipulating the `repo.path` and `run_hash` values, the attacker can trigger the extraction of the tarfile, resulting in the overwriting of files on the target server.
Who is affected
Any server running version 3.19.3 of the software that uses the `tarfile.extractall()` function to handle tarfile extraction is affected. This includes servers that allow external mounting of directories and extraction of tarfiles from untrusted sources.
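As an added example (not code from this advisory or from the aim project), the check a server should run before handing an untrusted archive to `extractall()`: every member is resolved against the destination directory and rejected if it escapes it or is a link or device. The archive contents, the `../escape.txt` and `run/meta` member names, and the helper names are constructed assumptions for the demonstration.

```python
from __future__ import annotations
import io
import os
import tarfile
import tempfile

def unsafe_members(tar: tarfile.TarFile, dest: str) -> list[str]:
    """Names of members that would land outside dest, or are links/devices."""
    dest_real = os.path.realpath(dest)
    bad = []
    for m in tar.getmembers():
        # join() drops dest for absolute names; '/etc/x' and '../x' both end up outside dest_real
        target = os.path.realpath(os.path.join(dest_real, m.name))
        if os.path.commonpath([dest_real, target]) != dest_real:
            bad.append(m.name)
        elif m.issym() or m.islnk() or m.isdev():
            bad.append(m.name)  # links redirect later writes; devices are never needed
    return bad

def safe_extract(data: bytes, dest: str) -> list[str]:
    """Extract only if every member passed the check; return extracted names."""
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        bad = unsafe_members(tar, dest)
        if bad:
            raise ValueError(f"refusing to extract unsafe members: {bad}")
        try:  # 'data' filter (Python 3.12+, backported to 3.8.17+) as a second check
            tar.extractall(dest, filter="data")
        except TypeError:  # older Python: rely on unsafe_members() alone
            tar.extractall(dest)
        return [m.name for m in tar.getmembers()]

def build_tar(entries: dict[str, bytes]) -> bytes:
    """Constructed sample archive (not real data): member name -> contents."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, content in entries.items():
            info = tarfile.TarInfo(name=name)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()

def demo() -> tuple[list[str], list[str]]:
    """(names flagged in a traversal archive, names extracted from a clean one)."""
    with tempfile.TemporaryDirectory() as dest:
        traversal = build_tar({"../escape.txt": b"x", "run/meta": b"ok"})
        with tarfile.open(fileobj=io.BytesIO(traversal), mode="r:*") as tar:
            flagged = unsafe_members(tar, dest)
        return flagged, safe_extract(build_tar({"run/meta": b"ok"}), dest)
```

The same check applies to archives pulled from a mounted directory: validate the member list first, and only then call `extractall()`.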