GHSA-7g45-4rm6-3mm3
Suggest an improvement- Source
- https://github.com/advisories/GHSA-7g45-4rm6-3mm3
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-7g45-4rm6-3mm3/GHSA-7g45-4rm6-3mm3.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-7g45-4rm6-3mm3
- Aliases
- Related
- Published
- 2023-06-14T18:30:38Z
- Modified
- 2024-10-15T05:57:01.955954Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- Guava vulnerable to insecure use of temporary directory
- Details
-
Use of Java's default temporary directory for file creation in
FileBackedOutputStreamin Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.
- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2023-2976
- https://github.com/google/guava/issues/2575
- https://github.com/google/guava/issues/6532
- https://github.com/google/guava/commit/feb83a1c8fd2e7670b244d5afd23cba5aca43284
- https://github.com/google/guava
- https://github.com/google/guava/releases/tag/v32.0.0
- https://security.netapp.com/advisory/ntap-20230818-0008
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01006.html
Affected packages
Maven / com.google.guava:guava
Package
- Name
- com.google.guava:guava
- View open source insights on deps.dev
- Purl
- pkg:maven/com.google.guava/guava
Affected versions
10.*
10.0-rc1
10.0-rc2
10.0-rc3
10.0
10.0.1
11.*
11.0-rc1
11.0
11.0.1
11.0.2
12.*
12.0-rc1
12.0-rc2
12.0
12.0.1
13.*
13.0-rc1
13.0-rc2
13.0
13.0.1
14.*
14.0-rc1
14.0-rc2
14.0-rc3
14.0
14.0.1
15.*
15.0-rc1
15.0
16.*
16.0-rc1
16.0
16.0.1
17.*
17.0-rc1
17.0-rc2
17.0
18.*
18.0-rc1
18.0-rc2
18.0
19.*
19.0-rc1
19.0-rc2
19.0-rc3
19.0
20.*
20.0-rc1
20.0
21.*
21.0-rc1
21.0-rc2
21.0
22.*
22.0-rc1
22.0-rc1-android
22.0
22.0-android
23.*
23.0-rc1
23.0-rc1-android
23.0
23.0-android
23.1-android
23.1-jre
23.2-android
23.2-jre
23.3-android
23.3-jre
23.4-android
23.4-jre
23.5-android
23.5-jre
23.6-android
23.6-jre
23.6.1-android
23.6.1-jre
24.*
24.0-android
24.0-jre
24.1-android
24.1-jre
24.1.1-android
24.1.1-jre
25.*
25.0-android
25.0-jre
25.1-android
25.1-jre
26.*
26.0-android
26.0-jre
27.*
27.0-android
27.0-jre
27.0.1-android
27.0.1-jre
27.1-android
27.1-jre
28.*
28.0-android
28.0-jre
28.1-android
28.1-jre
28.2-android
28.2-jre
29.*
29.0-android
29.0-jre
30.*
30.0-android
30.0-jre
30.1-android
30.1-jre
30.1.1-android
30.1.1-jre
31.*
31.0-android
31.0-jre
31.0.1-android
31.0.1-jre
31.1-android
31.1-jre