9 matches found
EUVD-2022-6886
Malicious code in bioql PyPI...
Arbitrary File Write
Goomph is vulnerable to arbitrary file writes. The vulnerability exists in unzip function of ZipMisc.java due to insufficient checks when unzipping zip files which allows an attacker to write files in arbitrary locations in the file system...
Goomph before 3.37.2 allows malicious zip file to write contents to arbitrary locations
This affects the package com.diffplug.gradle:goomph before 3.37.2. It allows a malicious zip file to potentially break out of the expected destination directory, writing contents into arbitrary locations on the file system. Overwriting certain files/directories could allow an attacker to achieve...
GHSA-P2F7-9CV7-JJF6 Goomph before 3.37.2 allows malicious zip file to write contents to arbitrary locations
This affects the package com.diffplug.gradle:goomph before 3.37.2. It allows a malicious zip file to potentially break out of the expected destination directory, writing contents into arbitrary locations on the file system. Overwriting certain files/directories could allow an attacker to achieve...
com.diffplug.atplug:atplug-plugin-gradle (>=0.1.0 <=0.1.1), com.diffplug.atplug:com.diffplug.atplug.gradle.plugin (>=0.1.0 <=0.1.1) +50 more potentially affected by CVE-2022-26049 via com.diffplug.gradle:goomph (>=2.0.0 <=3.37.1)
com.diffplug.gradle:goomph MAVEN version =2.0.0, =0.1.0, =0.1.0, =3.32.0, =3.21.0, =3.21.0, =3.21.0, =3.21.0, =3.21.0, =3.21.0, =2.0.0, =3.16.0, =3.18.0 - com.diffplug.gradle.eclipse.excludebuildfolder:com.diffplug.gradle.eclipse.excludebuildfolder.gradle.plugin...
CVE-2022-26049 Arbitrary File Write via Archive Extraction (Zip Slip)
This affects the package com.diffplug.gradle:goomph before 3.37.2. It allows a malicious zip file to potentially break out of the expected destination directory, writing contents into arbitrary locations on the file system. Overwriting certain files/directories could allow an attacker to achieve...
CVE-2022-26049
This affects the package com.diffplug.gradle:goomph before 3.37.2. It allows a malicious zip file to potentially break out of the expected destination directory, writing contents into arbitrary locations on the file system. Overwriting certain files/directories could allow an attacker to achieve...
PT-2022-17642 · Unknown · Com.Diffplug.Gradle:Goomph
Name of the Vulnerable Software and Affected Versions: com.diffplug.gradle:goomph versions prior to 3.37.2 Description: This issue allows a malicious zip file to potentially break out of the expected destination directory, writing contents into arbitrary locations on the file system. Overwriting...
Goomph path traversal vulnerability
Goomph is a DiffPlug open source plugin, used to build OSGi packages, Eclipse plug-ins and RCP applications. A security vulnerability exists in Goomph versions prior to 3.37.2 that allows a malicious zip file to be written to an arbitrary location on the file system, overwriting certain...