Description
The SevenZ decompressor doesn't check that the file to be extracted is escaping the current directory or not.
In another place in the repository, there is a safe implementation that was added as an example when the Zip Slip vulnerability was originally published: https://github.com/apache/commons-compress/blob/1a14a23a05f7104e3d41a25a0f7e78ae1556285e/src/main/java/org/apache/commons/compress/archivers/examples/Expander.java#L308