5 matches found
EUVD-2022-6886
Malicious code in bioql PyPI...
com.diffplug.atplug:atplug-plugin-gradle (>=0.1.0 <=0.1.1), com.diffplug.atplug:com.diffplug.atplug.gradle.plugin (>=0.1.0 <=0.1.1) +50 more potentially affected by CVE-2022-26049 via com.diffplug.gradle:goomph (>=2.0.0 <=3.37.1)
com.diffplug.gradle:goomph MAVEN version =2.0.0, =0.1.0, =0.1.0, =3.32.0, =3.21.0, =3.21.0, =3.21.0, =3.21.0, =3.21.0, =3.21.0, =2.0.0, =3.16.0, =3.18.0 - com.diffplug.gradle.eclipse.excludebuildfolder:com.diffplug.gradle.eclipse.excludebuildfolder.gradle.plugin...
CVE-2022-26049
This affects the package com.diffplug.gradle:goomph before 3.37.2. It allows a malicious zip file to potentially break out of the expected destination directory, writing contents into arbitrary locations on the file system. Overwriting certain files/directories could allow an attacker to achieve...
PT-2022-17642 · Unknown · com.diffplug.gradle:goomph
Name of the Vulnerable Software and Affected Versions: com.diffplug.gradle:goomph versions prior to 3.37.2 Description: This issue allows a malicious zip file to potentially break out of the expected destination directory, writing contents into arbitrary locations on the file system. Overwriting...
Goomph path traversal vulnerability
Goomph is an open-source Gradle plugin from DiffPlug, used to build OSGi bundles, Eclipse plugins and RCP applications. Goomph versions prior to 3.37.2 contain a path traversal vulnerability: a malicious zip file can write its contents to arbitrary locations on the file system, overwriting certain...
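All of the entries above describe the same bug class, commonly called zip slip: an archive entry name such as `../../x` or an absolute path is joined onto the extraction directory without checking that the resulting path still lies inside it. The following is an added illustration in Python; it is not Goomph's code, nor the fix shipped in 3.37.2, and it is written in Python rather than the plugin's own Java so that it runs stand-alone. The archive, its entry names and file contents are constructed for the demonstration, and the containment check is the generic pattern for this class, not necessarily the one Goomph adopted.

```python
"""Zip-slip demonstration: a naive join versus a containment-checked extractor.
Constructed example; not Goomph's code. All entry names and contents below
are made up for the demonstration."""
import io
import os
import tempfile
import zipfile
from pathlib import Path


def build_malicious_zip() -> bytes:
    """Constructed sample archive: one benign entry plus two traversal entries.
    zipfile stores the names verbatim; the sanitising happens only on extract."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("plugin/manifest.txt", "Bundle-Name: demo\n")   # benign
        zf.writestr("../../.bashrc", "echo pwned\n")                # relative escape
        zf.writestr("/etc/evil", "absolute path entry\n")           # absolute escape
    return buf.getvalue()


def naive_destination(dest, name: str) -> Path:
    """What a vulnerable extractor computes: join the entry name onto the
    destination with no containment check. os.path.join discards `dest`
    entirely when `name` is absolute, and normpath collapses the '..'."""
    return Path(os.path.normpath(os.path.join(str(dest), name)))


def is_within(dest, name: str) -> bool:
    """Containment check: the canonical target must equal `dest` or be a
    descendant of it. Resolving both sides also neutralises symlinks in dest.
    An absolute `name` replaces dest_abs when joined, so it fails the check."""
    dest_abs = Path(dest).resolve()
    target = (dest_abs / name).resolve()
    return target == dest_abs or dest_abs in target.parents


def safe_extract(data: bytes, dest) -> tuple:
    """Extract only entries that stay under dest; return (extracted, rejected)."""
    dest_abs = Path(dest).resolve()
    extracted, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if not is_within(dest_abs, info.filename):
                rejected.append(info.filename)
                continue
            target = (dest_abs / info.filename).resolve()
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
            else:
                target.parent.mkdir(parents=True, exist_ok=True)
                with zf.open(info) as src, open(target, "wb") as dst:
                    dst.write(src.read())
            extracted.append(info.filename)
    return extracted, rejected


def run_demo() -> dict:
    """Extract the constructed archive into a temp dir and report what each
    strategy would have done. Returns a dict so the outcome can be checked."""
    data = build_malicious_zip()
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = [i.filename for i in zf.infolist()]
    with tempfile.TemporaryDirectory() as td:
        dest = Path(td).resolve()
        naive = {n: str(naive_destination(dest, n)) for n in names}
        extracted, rejected = safe_extract(data, dest)
        manifest = (dest / "plugin" / "manifest.txt").read_text()
        return {
            "dest": str(dest),
            "naive_paths": naive,      # where an unchecked join would write
            "extracted": extracted,
            "rejected": rejected,
            "manifest": manifest,
        }


if __name__ == "__main__":
    result = run_demo()
    for name, path in result["naive_paths"].items():
        inside = path.startswith(result["dest"] + os.sep)
        print(f"{name!r:>22} -> {path}  {'ok' if inside else 'ESCAPES dest'}")
    print("extracted:", result["extracted"])
    print("rejected: ", result["rejected"])
```

The check resolves the destination before joining, so a destination that is itself a symlink is compared against its real location; comparing raw strings with `startswith` would miss that, and would also accept a sibling directory such as `/opt/app2` as being "inside" `/opt/app`.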