An issue in Archive v3.3.7 allows malicious users to execute a path traversal via extracting a crafted zip file.
archive project archive 3.3.7