CVE-2023-2976

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-2976
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-2976.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-2976
Aliases
Downstream
Related
Published
2023-06-14T18:15:09Z
Modified
2025-08-09T19:01:27Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
[none]
Details

Use of Java's default temporary directory for file creation in FileBackedOutputStream in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.

Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.

References

Affected packages

Git / github.com/google/guava

Affected ranges

Type
GIT
Repo
https://github.com/google/guava
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
6b1f97ced922d48f071153ad9e631d06383033a4