Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:36992
HistorySep 12, 2022 - 4:47 a.m.

Arbitrary File Write

2022-09-1204:47:24
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
12
goomph
arbitrary file writes
zipmisc.java

0.009 Low

EPSS

Percentile

82.8%

JSON

Goomph is vulnerable to arbitrary file writes. The vulnerability exists in unzip function of ZipMisc.java due to insufficient checks when unzipping zip files which allows an attacker to write files in arbitrary locations in the file system.

CPENameOperatorVersion
goomphle3.37.1
goomphle3.37.1

Related

osv 2
prion 1
cvelist 1
cve 1
nvd 1
github 1
osv
osv
CVE-2022-26049
2022-09-11 14:15:08
Goomph before 3.37.2 allows malicious zip file to write contents to arbitrary locations
2022-09-12 00:00:33
prion
prion
Design/Logic Flaw
2022-09-11 14:15:00
cvelist
cvelist
CVE-2022-26049 Arbitrary File Write via Archive Extraction (Zip Slip)
2022-09-11 00:00:00
cve
cve
CVE-2022-26049
2022-09-11 14:15:08
nvd
nvd
CVE-2022-26049
2022-09-11 14:15:08
github
github
Goomph before 3.37.2 allows malicious zip file to write contents to arbitrary locations
2022-09-12 00:00:33

0.009 Low

EPSS

Percentile

82.8%

JSON
Related for VERACODE:36992
osv2prion1cvelist1cve1nvd1github1