
Could you elaborate or provide some link to your first claim? I'm really interested to know more.

Thanks!



Specifically ZipCrypto is bad, which is the only supported crypto if you're password-protecting in Windows Explorer and the like. If you use 7zip or similar software you can use AES instead, which is fine.

http://math.ucr.edu/~mike/zipattacks.pdf

https://en.wikipedia.org/wiki/Zip_(file_format)#Encryption


There are multiple ways to password protect zip files. A user usually won't be able to tell whether the way used by their software is secure or not. The old way is insecure.

http://math.ucr.edu/~mike/zipattacks.pdf

https://github.com/hyc/fcrackzip

The modern format uses PBKDF2 like many password hashing formats and needs to be attacked with John the Ripper or hashcat.
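Added example, not part of any comment in this thread: since a user usually cannot tell which scheme their software picked, the archive headers can be read to find out, with no password needed. This sketch uses Python's `zipfile` plus the WinZip AES extra-field record (ID 0x9901); the function names and the header-only sample archive are constructed for illustration.

```python
import io
import struct
import sys
import zipfile

AES_EXTRA_ID = 0x9901  # extra-field ID of the WinZip AES ("AE-x") record
AES_METHOD = 99        # compression-method value used by WinZip AES entries

def classify(info):
    """Return 'none', 'zipcrypto', 'aes-<bits>' or 'pkware-strong' for a ZipInfo."""
    if not info.flag_bits & 0x01:      # general-purpose bit 0: entry is encrypted
        return "none"
    if info.flag_bits & 0x40:          # bit 6: PKWARE strong encryption
        return "pkware-strong"
    pos, extra = 0, info.extra
    while pos + 4 <= len(extra):       # walk the (id, size, data) extra records
        rec_id, size = struct.unpack_from("<HH", extra, pos)
        if rec_id == AES_EXTRA_ID and size >= 7:
            bits = {1: 128, 2: 192, 3: 256}.get(extra[pos + 8], "unknown")
            return f"aes-{bits}"
        pos += 4 + size
    return "zipcrypto"                 # encrypted, no AES record: legacy cipher

def audit(zip_bytes):
    """Map each entry name to its encryption scheme, without any password."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return {i.filename: classify(i) for i in zf.infolist()}

def sample_archive():
    """Constructed sample: headers for three empty entries, no real data."""
    aes = struct.pack("<HHH2sBH", AES_EXTRA_ID, 7, 2, b"AE", 3, 0)
    entries = [(b"plain.txt", 0, 0, b""), (b"legacy.txt", 1, 0, b""),
               (b"modern.txt", 1, AES_METHOD, aes)]
    local = central = b""
    for name, flags, method, extra in entries:
        common = struct.pack("<HHHHHIIIHH", 51, flags, method, 0, 0x21,
                             0, 0, 0, len(name), len(extra))
        central += (b"PK\x01\x02" + struct.pack("<H", 51) + common
                    + struct.pack("<HHHII", 0, 0, 0, 0, len(local)) + name + extra)
        local += b"PK\x03\x04" + common + name + extra
    return local + central + struct.pack(
        "<4sHHHHIIH", b"PK\x05\x06", 0, 0, 3, 3, len(central), len(local), 0)

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_archive()
    for name, scheme in audit(data).items():
        print(f"{scheme:14} {name}")
```

Run with an archive path as the only argument to check a real file; any entry reported as `zipcrypto` should be re-created with AES.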



