GHSA-5mg8-w23w-74h3

Source

https://github.com/advisories/GHSA-5mg8-w23w-74h3

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/03/GHSA-5mg8-w23w-74h3/GHSA-5mg8-w23w-74h3.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-5mg8-w23w-74h3

Aliases

CGA-7rjh-334q-pq8g
CVE-2020-8908
SNYK-JAVA-COMGOOGLEGUAVA-1015415

Related

Published

2021-03-25T17:04:19Z

Modified

2024-10-15T05:42:08.755499Z

Severity

3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Information Disclosure in Guava

Details

A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava com.google.common.io.Files.createTempDir(). The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.

References

Affected packages

Maven / com.google.guava:guava

Package

Name: com.google.guava:guava; View open source insights on deps.dev
Purl: pkg:maven/com.google.guava/guava

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

32.0.0-android

Affected versions

Other

r03

r05

r06

r07

r08

r09

10.*

10.0-rc1

10.0-rc2

10.0-rc3

10.0

10.0.1

11.*

11.0-rc1

11.0

11.0.1

11.0.2

12.*

12.0-rc1

12.0-rc2

12.0

12.0.1

13.*

13.0-rc1

13.0-rc2

13.0

13.0.1

14.*

14.0-rc1

14.0-rc2

14.0-rc3

14.0

14.0.1

15.*

15.0-rc1

15.0

16.*

16.0-rc1

16.0

16.0.1

17.*

17.0-rc1

17.0-rc2

17.0

18.*

18.0-rc1

18.0-rc2

18.0

19.*

19.0-rc1

19.0-rc2

19.0-rc3

19.0

20.*

20.0-rc1

20.0

21.*

21.0-rc1

21.0-rc2

21.0

22.*

22.0-rc1

22.0-rc1-android

22.0

22.0-android

23.*

23.0-rc1

23.0-rc1-android

23.0

23.0-android

23.1-android

23.1-jre

23.2-android

23.2-jre

23.3-android

23.3-jre

23.4-android

23.4-jre

23.5-android

23.5-jre

23.6-android

23.6-jre

23.6.1-android

23.6.1-jre

24.*

24.0-android

24.0-jre

24.1-android

24.1-jre

24.1.1-android

24.1.1-jre

25.*

25.0-android

25.0-jre

25.1-android

25.1-jre

26.*

26.0-android

26.0-jre

27.*

27.0-android

27.0-jre

27.0.1-android

27.0.1-jre

27.1-android

27.1-jre

28.*

28.0-android

28.0-jre

28.1-android

28.1-jre

28.2-android

28.2-jre

29.*

29.0-android

29.0-jre

30.*

30.0-android

30.0-jre

30.1-android

30.1-jre

30.1.1-android

30.1.1-jre

31.*

31.0-android

31.0-jre

31.0.1-android

31.0.1-jre

31.1-android

31.1-jre

Ecosystem specific

{
    "affected_functions": [
        "com.google.common.io.Files.createTempDir"
    ]
}