camunda / camunda-bpm-platform

Flexible framework for workflow and decision automation with BPMN and DMN. Integration with Quarkus, Spring, Spring Boot, CDI.
https://camunda.com/
Apache License 2.0

#4348: updated the guava version to 32.0.0-android #4399

Open Nanmozhi22 opened 1 month ago

CLAassistant commented 1 month ago

CLA assistant check
All committers have signed the CLA.

Nanmozhi22 commented 3 weeks ago

@psavidis

Hello, we have opened this contribution as part of the Dependabot alert for CVE-2020-8908 (affected versions: < 32.0.0-android). Would you be able to review this and share your comments?

Here is the description:

A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava com.google.common.io.Files.createTempDir(). The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.
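The pattern the advisory describes, shown as the vulnerable call beside a hardened replacement. This is an added illustration, not code from this PR or from the Camunda code base: the class and method names (TempDirExample, createPrivateTempDir, isOwnerOnly) are invented for the example, and the non-POSIX fallback is an assumption about a reasonable best effort on Windows rather than anything the advisory prescribes.

```java
import java.io.IOException;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.EnumSet;
import java.util.Set;

/**
 * Illustration of CVE-2020-8908 (example code, not Camunda's).
 *
 * Vulnerable pattern in Guava before 32.0.0: the directory is created under
 * java.io.tmpdir with the process umask, so with the usual 022 umask it ends
 * up 0755 and any local user can list and read what is written into it:
 *
 *   File dir = com.google.common.io.Files.createTempDir();   // world-readable
 *
 * The hardened form below applies owner-only permissions at creation time via
 * java.nio.file, so there is no window in which the directory is readable.
 */
public class TempDirExample {

    /** Creates a temporary directory that only the owner can read, write or enter (0700). */
    public static Path createPrivateTempDir(String prefix) throws IOException {
        if (FileSystems.getDefault().supportedFileAttributeViews().contains("posix")) {
            Set<PosixFilePermission> ownerOnly = PosixFilePermissions.fromString("rwx------");
            FileAttribute<Set<PosixFilePermission>> attr =
                    PosixFilePermissions.asFileAttribute(ownerOnly);
            // Permissions are passed to mkdir itself rather than chmod'ed afterwards.
            return Files.createTempDirectory(prefix, attr);
        }
        // Assumed fallback for non-POSIX file systems (Windows): the per-user %TEMP%
        // ACL already restricts access; tighten what java.io.File lets us set.
        Path dir = Files.createTempDirectory(prefix);
        java.io.File f = dir.toFile();
        f.setReadable(false, false);   f.setReadable(true, true);
        f.setWritable(false, false);   f.setWritable(true, true);
        f.setExecutable(false, false); f.setExecutable(true, true);
        return dir;
    }

    /** Audit check: true only if no group or other permission bits are set on the directory. */
    public static boolean isOwnerOnly(Path dir) throws IOException {
        Set<PosixFilePermission> perms = Files.getPosixFilePermissions(dir);
        Set<PosixFilePermission> disallowed = EnumSet.of(
                PosixFilePermission.GROUP_READ, PosixFilePermission.GROUP_WRITE,
                PosixFilePermission.GROUP_EXECUTE, PosixFilePermission.OTHERS_READ,
                PosixFilePermission.OTHERS_WRITE, PosixFilePermission.OTHERS_EXECUTE);
        for (PosixFilePermission p : perms) {
            if (disallowed.contains(p)) {
                return false;
            }
        }
        return true;
    }

    public static void main(String[] args) throws IOException {
        Path dir = createPrivateTempDir("example-");
        try {
            if (FileSystems.getDefault().supportedFileAttributeViews().contains("posix")) {
                System.out.println(dir + " owner-only: " + isOwnerOnly(dir));
            } else {
                System.out.println(dir + " created (POSIX permission check not available here)");
            }
        } finally {
            Files.delete(dir);
        }
    }
}
```

The same check applies when reviewing a dependency bump like this one: upgrading Guava removes the default-permission behaviour from `Files.createTempDir()`, but any code that still calls it, or that creates temporary files under a shared `java.io.tmpdir` by other means, should be audited with a permission check like `isOwnerOnly` rather than assumed fixed by the version change alone.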