Last modified: 2014-04-11 21:12:46 UTC
It's possible for a small .zip file to expand to arbitrarily large content files. This opens a DOS vector in this extension's upload-and-unpack feature. It can use unzip -l or equivalent (and tar -t or equivalent for tar files) to find out how large the package's contents are before unpacking it, and refuse oversize content.