Researchers at Snyk have identified a vulnerability in the way open source software libraries handle archive files. Snyk describes it as a "widespread arbitrary file overwrite critical vulnerability, which typically results in remote command execution" (Tech Republic). Attackers can create Zip archives that overwrite files in affected systems through path traversal. Such files are either destroyed entirely or replaced with malicious content. Snyk has posted a list of vulnerable projects to GitHub (Naked Security).