The DataHelix generator allows you to quickly create data, based on a JSON profile that defines fields and the relationships between them, for the purpose of testing and validation
Path to dependency file: datahelix/output/build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.google.guava/guava/25.1-android/bdaab946ca5ad20253502d873ba0c3313d141036/guava-25.1-android.jar
A temp directory creation vulnerability exist in Guava versions prior to 30.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava com.google.common.io.Files.createTempDir(). The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. We recommend updating Guava to version 30.0 or later, or update to Java 7 or later, or to explicitly change the permissions after the creation of the directory if neither are possible.
CVE-2020-8908 - Low Severity Vulnerability
guava-25.1-android.jar
Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.
Library home page: https://github.com/google/guava
Path to dependency file: datahelix/output/build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.google.guava/guava/25.1-android/bdaab946ca5ad20253502d873ba0c3313d141036/guava-25.1-android.jar
Dependency Hierarchy: - shazamcrest-0.11.jar (Root Library) - :x: **guava-25.1-android.jar** (Vulnerable Library)
guava-25.0-jre.jar
Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.
Library home page: https://github.com/google/guava
Path to dependency file: datahelix/playground/build.gradle
Path to vulnerable library: /tmp/ws-ua_20210105093551_VLNTJE/downloadResource_CTPAUS/20210105093636/guava-25.0-jre.jar
Dependency Hierarchy: - selenium-java-3.141.59.jar (Root Library) - :x: **guava-25.0-jre.jar** (Vulnerable Library)
Found in base branch: master
A temp directory creation vulnerability exist in Guava versions prior to 30.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava com.google.common.io.Files.createTempDir(). The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. We recommend updating Guava to version 30.0 or later, or update to Java 7 or later, or to explicitly change the permissions after the creation of the directory if neither are possible.
Publish Date: 2020-12-10
URL: CVE-2020-8908
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: None - Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8908
Release Date: 2020-12-10
Fix Resolution: v30.0