itsKedar / URL_Shortner

Basic Url Shortner project made in Spring Boot

CX: CVE-2020-8908 in Maven-com.google.guava:guava and 20.0 @ URL_Shortner.master #8

Closed itsKedar closed 2 years ago

itsKedar commented 2 years ago

Description

A temp directory creation vulnerability exists in Guava versions prior to 30.0, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava com.google.common.io.Files.createTempDir(). The permissions granted to the directory created default to the standard Unix-like /tmp ones, leaving the files open. We recommend updating Guava to version 30.0 or later, or update to Java 7 or later, or to explicitly change the permissions after the creation of the directory if neither are possible.

LOW Vulnerable Package issue exists @ com.google.guava:guava in branch master

Vulnerability ID: CVE-2020-8908

Package Name: com.google.guava:guava

Severity: LOW

CVSS Score: 3.3

Publish Date: 2020-12-10T23:15:00

Current Package Version: 20.0

Remediation Upgrade Recommendation: 30.0-android

Link To SCA

Reference – NVD link