4 matches found
CVE-2022-26049
creationtimestamp| type| source ---|---|--- 2025-08-19 21:02:26+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3lwrspzrmar2c...
com.diffplug.atplug:atplug-plugin-gradle (>=0.1.0 <=0.1.1), com.diffplug.atplug:com.diffplug.atplug.gradle.plugin (>=0.1.0 <=0.1.1) +50 more potentially affected by CVE-2022-26049 via com.diffplug.gradle:goomph (>=2.0.0 <=3.37.1)
com.diffplug.gradle:goomph MAVEN version =2.0.0, =0.1.0, =0.1.0, =3.32.0, =3.21.0, =3.21.0, =3.21.0, =3.21.0, =3.21.0, =3.21.0, =2.0.0, =3.16.0, =3.18.0 - com.diffplug.gradle.eclipse.excludebuildfolder:com.diffplug.gradle.eclipse.excludebuildfolder.gradle.plugin...
CVE-2022-26049
CVE-2022-26049 affects com.diffplug.gradle:goomph before 3.37.2. The unzip path handling permits writing files to arbitrary locations on the filesystem, potentially enabling remote code execution. Affected versions lack sufficient path validation in ZipMisc.java; the only file extracted is the p2...
CVE-2022-26049 Arbitrary File Write via Archive Extraction (Zip Slip)
This affects the package com.diffplug.gradle:goomph before 3.37.2. It allows a malicious zip file to potentially break out of the expected destination directory, writing contents into arbitrary locations on the file system. Overwriting certain files/directories could allow an attacker to achieve...