archive/zip in github.com/golang/go is vulnerable to denial of service (DoS). The use of Reader.Open API on a Zip file that contains a file prefixed with โโฆ/โ, such as Open(...)
causes a panic in the function toValidName
when attempting to strip the prefixed path components.