VYPR

Maven package

com.diffplug.gradle/goomph

pkg:maven/com.diffplug.gradle/goomph

Vulnerabilities (1)

  • CVE-2022-26049MedSep 11, 2022
    affected < 3.37.2fixed 3.37.2

    This affects the package com.diffplug.gradle:goomph before 3.37.2. It allows a malicious zip file to potentially break out of the expected destination directory, writing contents into arbitrary locations on the file system. Overwriting certain files/directories could allow an att