Mojira Archive
MC-114853

Server-Resource-Pack Vulnerability

The code in Minecraft to download Resource-Packs does not check whether it is a "real" zip file or not. My plugin injects a resource pack (in my case a dummy pack) into an executable using code caves in that executable and sends a request to the client. If the client downloads it, you only need some social engineering or other exploits to execute it. To fix this, you can check whether the file is a standalone zip or not using the zip file signature (504b 0304), or you check the whole file, but for most common cases a signature check would be faster and block the attack successfully. Feel free to ask any questions. And as advice: I know some people who would report some major bugs/exploits if they got a reward; it doesn't have to be money, it could be something like a hall of fame. I also would not report it, but I want this to get fixed because it can cause damage; it will not only freeze/crash your game. Am I allowed to publish the code/concept after the vulnerability is fixed? I want other programmers to know it so that they don't make the same mistake.
~OlfillasOdikno
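
The two checks the report proposes (the leading `504b 0304` signature, then a whole-file check) can be sketched as follows. This is an added example, not code from the report or from Minecraft; `check_resource_pack`, `_make_pack` and the sample bytes are hypothetical names and constructed data.

```python
import io
import zipfile

ZIP_LOCAL_HEADER = b"PK\x03\x04"  # the 50 4b 03 04 signature named in the report


def check_resource_pack(data: bytes) -> str:
    """Return 'ok' or a short reason why the download is rejected."""
    # Fast check: a standalone archive with at least one entry starts
    # with a local file header at offset 0.
    if data[:4] != ZIP_LOCAL_HEADER:
        return "bad-signature"
    # Whole-file check: parse the central directory and verify every CRC.
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            infos = zf.infolist()
            # zipfile tolerates prepended bytes by shifting entry offsets,
            # so require that the first entry really sits at offset 0.
            if not infos or min(i.header_offset for i in infos) != 0:
                return "not-standalone"
            if zf.testzip() is not None:
                return "corrupt-entry"
    except zipfile.BadZipFile:
        return "not-a-zip"
    return "ok"


def _make_pack() -> bytes:
    """Constructed sample: a minimal dummy pack built in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("pack.mcmeta", "{}")  # placeholder content
    return buf.getvalue()


if __name__ == "__main__":
    pack = _make_pack()
    samples = {
        "plain pack": pack,
        "pack behind non-zip bytes": b"MZ" + b"\x00" * 64 + pack,
        "signature only, no archive": ZIP_LOCAL_HEADER + b"\x00" * 64,
        "signature, junk, then pack": ZIP_LOCAL_HEADER + b"\x00" * 64 + pack,
    }
    for name, blob in samples.items():
        print(f"{name}: {check_resource_pack(blob)}")
```

The last sample passes the signature check alone and is only rejected by the whole-file check.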

Awaiting Response

Felipe

2017-03-28, 09:16 PM

2018-10-02, 11:26 PM

2018-10-02, 11:26 PM

0

1

Unconfirmed

Minecraft 1.11.2

-