Issue

Given a crafted zip file containing a file of filename ../../../../../../../../tmp/evil.txt, zip will extract the file to /tmp/evil.txt, while actually it should be extracted to ./tmp/evil.txt. This vulnerability could allow the attacker to write a file to an arbitrary directory.

How to reproduce

You can try to reproduce this vulnerability using this zip file, note that the symbol nim -d:useLibzipSrc is needed for compilation. You can find the PoC here