Lucene search
K

4 matches found

Circl
Circl
added 2025/08/19 9:2 p.m.13 views

CVE-2022-26049

creationtimestamp| type| source ---|---|--- 2025-08-19 21:02:26+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3lwrspzrmar2c...

8.8CVSS7.3AI score0.01876EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2022/09/12 12:0 a.m.6 views

com.diffplug.atplug:atplug-plugin-gradle (>=0.1.0 <=0.1.1), com.diffplug.atplug:com.diffplug.atplug.gradle.plugin (>=0.1.0 <=0.1.1) +50 more potentially affected by CVE-2022-26049 via com.diffplug.gradle:goomph (>=2.0.0 <=3.37.1)

com.diffplug.gradle:goomph MAVEN version =2.0.0, =0.1.0, =0.1.0, =3.32.0, =3.21.0, =3.21.0, =3.21.0, =3.21.0, =3.21.0, =3.21.0, =2.0.0, =3.16.0, =3.18.0 - com.diffplug.gradle.eclipse.excludebuildfolder:com.diffplug.gradle.eclipse.excludebuildfolder.gradle.plugin...

8.8CVSS7.2AI score0.01876EPSS
Exploits1
CVE
CVE
added 2022/09/11 1:45 p.m.88 views

CVE-2022-26049

CVE-2022-26049 affects com.diffplug.gradle:goomph before 3.37.2. The unzip path handling permits writing files to arbitrary locations on the filesystem, potentially enabling remote code execution. Affected versions lack sufficient path validation in ZipMisc.java; the only file extracted is the p2...

8.8CVSS7.2AI score0.01876EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2022/09/11 1:45 p.m.16 views

CVE-2022-26049 Arbitrary File Write via Archive Extraction (Zip Slip)

This affects the package com.diffplug.gradle:goomph before 3.37.2. It allows a malicious zip file to potentially break out of the expected destination directory, writing contents into arbitrary locations on the file system. Overwriting certain files/directories could allow an attacker to achieve...

5.3CVSS7.9AI score0.01876EPSS
Exploits1References5
Rows per page
Query Builder