<dependency>
<groupId>org.arquillian.spacelift</groupId>
<artifactId>arquillian-spacelift</artifactId>
<version>1.0.2</version>
</dependency>

A zip slip vulnerability exists in arquillian.spacelift.

poc:
File helloExtracted = Spacelift.task(new File("/hello.zip"), UnzipTool.class)
.toDir("target/hellotgz")
.execute()
.await();
File helloExtracted1 = Spacelift.task(new File("/hello.zip"), UntarTool.class)
.toDir("target/hellotgz")
.execute()
.await();