A directory traversal vulnerability was discovered in the Metadata anonymisation toolkit, which could result in information disclosure via a malformed ZIP archive.