A known critical vulnerability has been given the moniker Zip Slip in an effort to raise awareness of its prevalence. An exploit allows attackers to remotely overwrite archive files with their own content, and from there pivot to achieving remote command execution on the machine. A recent analysis shows the bug affects multiple open-source ecosystems, including JavaScript, Ruby, .NET and Go. As a result, thousands of developer projects, including ones from Amazon, Apache, HP, Pivotal and many others, have been identified as vulnerable.
Source: https://threatpost.com/zip-slip-flaw-affects-thousands-of-open-source-projects/132577/