GHSA-P2F7-9CV7-JJF6 Goomph before 3.37.2 allows malicious zip file to write contents to arbitrary locations
This affects the package com.diffplug.gradle:goomph before 3.37.2. It allows a malicious zip file to potentially break out of the expected destination directory, writing contents into arbitrary locations on the file system. Overwriting certain files/directories could allow an attacker to achieve...