/trellix-tarslip-patch-bypass

Bypass for CVE-2007-4559 Trellix patch

Primary Language: Python

In 2023, Trellix announced [1] that they had patched more than 61,000 open-source projects for CVE-2007-4559, an old path traversal vulnerability. Analyzing their patch shows that it can be bypassed using a symlink.

Symlink path traversal is an old technique; it is also demonstrated in LiveOverflow's video "Critical .zip vulnerabilities? - Zip Slip and ZipperDown".

[1] Trellix Advanced Research Center Patches 61,000 Vulnerable Open-Source Projects
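
A defender-side view of the bypass described above, as an added example that is not code from this repository or from Trellix: a check that inspects only member names accepts entries that pass through a symlink, while a check that also resolves link targets rejects them. The function names and the destination path `/tmp/extract-here` are assumptions made for illustration, and the checks are purely lexical (they do not account for symlinks already present on disk).

```python
import os
import tarfile


def _inside(base, path):
    """True if `path`, lexically normalised, is `base` or lies under it."""
    base = os.path.abspath(base)
    return os.path.commonpath([base, os.path.abspath(path)]) == base


def name_only_check(members, dest):
    """Weak form: inspects member names only, never link targets."""
    return [m.name for m in members
            if not _inside(dest, os.path.join(dest, m.name))]


def link_aware_check(members, dest):
    """Return (name, reason) for each member that must not be extracted."""
    base = os.path.abspath(dest)
    links, rejected = set(), []
    for m in members:
        target = os.path.abspath(os.path.join(base, m.name))
        if not _inside(base, target):
            rejected.append((m.name, "name escapes destination"))
            continue
        # An entry below a link from the same archive lands where the link points.
        parent = os.path.dirname(target)
        while len(parent) > len(base) and parent not in links:
            parent = os.path.dirname(parent)
        if parent in links:
            rejected.append((m.name, "path passes through an archive link"))
            continue
        if m.issym() or m.islnk():
            links.add(target)
            # Symlink targets are relative to the link's directory,
            # hard-link targets to the archive root.
            origin = os.path.dirname(target) if m.issym() else base
            if not _inside(base, os.path.join(origin, m.linkname)):
                rejected.append((m.name, "link target escapes destination"))
    return rejected


if __name__ == "__main__":
    # Constructed members (no archive is written): a symlink, then a file under it.
    link = tarfile.TarInfo("docs/out")
    link.type, link.linkname = tarfile.SYMTYPE, "../../elsewhere"
    sample = [link, tarfile.TarInfo("docs/out/evil.txt")]
    print(name_only_check(sample, "/tmp/extract-here"))
    print(link_aware_check(sample, "/tmp/extract-here"))
```

Python releases that include tarfile extraction filters offer `tar.extractall(dest, filter="data")`, which refuses links pointing outside the destination in the standard library itself.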

PoC

docker build -t tarslip . 
docker run -it tarslip bash
python poc.py
cat evil.txt