Company
Date Published
Author
Uriya Yavnieli, JFrog Security Researcher
Word count
1206
Language
English
Hacker News points
None

Summary

JFrog Security's research team has identified a new security vulnerability, CVE-2023-37460, in the plexus-archiver package, which is widely used in software such as the maven-war-plugin for creating WAR files. The vulnerability is a path traversal that can lead to remote code execution: a malicious archive containing symbolic links can cause the extractor to write files outside the intended extraction directory. Despite previous fixes for similar issues, the vulnerability persisted, potentially enabling attackers to execute arbitrary code by writing files outside the intended extraction directory. The JFrog team responsibly disclosed the vulnerability and collaborated with plexus-archiver's maintainers to verify a fix. The advisory highlights the importance of updating to plexus-archiver version 4.8.0 or later to mitigate the risk. JFrog products are unaffected because they do not use plexus-archiver, and the company continues to offer automated security scanning to keep developers informed about potential software threats.