Maven package
com.diffplug.gradle/goomph
pkg:maven/com.diffplug.gradle/goomph
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-26049 | Med | 5.3 | < 3.37.2 | 3.37.2 | Sep 11, 2022 | This affects the package com.diffplug.gradle:goomph before 3.37.2. It allows a malicious zip file to potentially break out of the expected destination directory, writing contents into arbitrary locations on the file system. Overwriting certain files/directories could allow an att |
- affected < 3.37.2fixed 3.37.2
This affects the package com.diffplug.gradle:goomph before 3.37.2. It allows a malicious zip file to potentially break out of the expected destination directory, writing contents into arbitrary locations on the file system. Overwriting certain files/directories could allow an att