Security researchers at British software firm Snyk have revealed details of a critical vulnerability that affects thousands of projects across many ecosystems. The issue is an arbitrary file overwrite vulnerability, triggered by a directory traversal attack while files are being extracted from an archive. It affects numerous archive formats, including tar, jar, war, apk, rar, and 7z. The vulnerability can also cause damage by overwriting configuration files or other sensitive resources, and it can be exploited on both client (user) machines and servers.
Source: https://thehackernews.com/2018/06/zipslip-vulnerability.html
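The defence against this class of bug is to resolve every entry's destination path and refuse any that lands outside the extraction directory. The following is an added example, not code from Snyk or the linked article; it uses tar for the demonstration, the function names `is_within` and `safe_extract` are illustrative, and the sample archive is constructed inline.

```python
import io
import os
import shutil
import tarfile


def is_within(dest_dir: str, member_name: str) -> bool:
    """True if member_name, joined to dest_dir, resolves inside dest_dir."""
    base = os.path.realpath(dest_dir)
    # realpath collapses "..", follows existing symlinks; an absolute
    # member name replaces base entirely in os.path.join and is caught below.
    target = os.path.realpath(os.path.join(base, member_name))
    try:
        # commonpath compares whole components, so /tmp/out2 does not
        # pass as "inside" /tmp/out the way a string-prefix test would.
        return os.path.commonpath([base, target]) == base
    except ValueError:  # e.g. different drives on Windows
        return False


def safe_extract(archive: tarfile.TarFile, dest_dir: str) -> list:
    """Extract regular files and directories only; return rejected names."""
    rejected = []
    for member in archive.getmembers():
        # Links and device nodes are refused: a link entry can redirect
        # a later write to a location outside dest_dir.
        if not (member.isfile() or member.isdir()) or not is_within(dest_dir, member.name):
            rejected.append(member.name)
            continue
        target = os.path.join(dest_dir, member.name)
        if member.isdir():
            os.makedirs(target, exist_ok=True)
            continue
        os.makedirs(os.path.dirname(target), exist_ok=True)
        with archive.extractfile(member) as src, open(target, "wb") as dst:
            shutil.copyfileobj(src, dst)
    return rejected


def build_sample_archive() -> bytes:
    """Constructed sample: one ordinary entry and one traversal entry."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in (("docs/readme.txt", b"hello"), ("../../evil.txt", b"overwrite")):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()
```

The rejected list is worth logging: a traversal entry in an uploaded archive is a strong signal that the archive was crafted rather than malformed by accident.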

