It's possible for a small .zip file to expand to arbitrarily large content files. This opens a DOS vector in this extension's upload-and-unpack feature.
It can use unzip -l or equivalent (and tar -t or equivalent for tar files) to find out how large the package's contents are before unpacking it, and refuse oversize content.
Version: master
Severity: normal