As per @SonarSource, Arbitrary arguments can be added to the tar command, e.g. by creating a file named “-I touch shell” in /opt/webapp. The -I argument allows executing an arbitrary command, here “touch shell”. --checkpoint-action works too.
Twitter Thread: https://twitter.com/harshbothra_/status/1489630710025830400