zip Incorrectly Canonicalizes Paths during Archive Extraction Leading to Arbitrary File Write
In the archive extraction routine of affected versions of the zip crate, symbolic links earlier in the archive are allowed to be used for later files in the archive without validation of the final canonicalized path, allowing maliciously crafted archives to overwrite arbitrary files in the file system when extracted.