An issue in Archive v3.3.7 allows malicious users to spoof zip filenames which can lead to inconsistent filename parsing.
archive project archive 3.3.7