EPSS: 0.009 (Low); Percentile: 82.8%
Goomph is vulnerable to arbitrary file writes. The vulnerability exists in the unzip function of ZipMisc.java: insufficient checks when unzipping zip files allow an attacker to write files to arbitrary locations in the file system.
github.com/advisories/GHSA-p2f7-9cv7-jjf6
github.com/diffplug/goomph/commit/25f04f67ba62d9a14104bee13a0a0f2517afb8c8
github.com/diffplug/goomph/pull/198