GHSA-7g45-4rm6-3mm3

Source
https://github.com/advisories/GHSA-7g45-4rm6-3mm3
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-7g45-4rm6-3mm3/GHSA-7g45-4rm6-3mm3.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-7g45-4rm6-3mm3
Aliases
Related
Published
2023-06-14T18:30:38Z
Modified
2024-10-22T05:29:00.637094Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Guava vulnerable to insecure use of temporary directory
Details

Use of Java's default temporary directory for file creation in FileBackedOutputStream in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich lets other users and apps on the machine that can reach the default Java temporary directory access the files the class creates.

The vulnerability is fixed in version 32.0.0, but the maintainers recommend using version 32.0.1, because version 32.0.0 breaks some functionality under Windows.
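The weakness class behind this advisory (CWE-379, a temporary file created in a directory with insecure permissions) is easier to reason about with the two patterns side by side. The following is an added example written for this page, not Guava's own code: the class and method names are hypothetical, and `java.io.File.createTempFile` is used only as a stand-in for any code that drops a file straight into `java.io.tmpdir`. It contrasts that pattern with a file placed inside a freshly created, owner-only (mode 0700) directory, and includes a check a reviewer could run to see whether a file's parent directory is reachable by group or other users. It assumes a Unix-like host with POSIX permissions, which is the environment the advisory concerns.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Set;

/** Added example (hypothetical class, not part of Guava). */
public class PrivateTempDirExample {

    /**
     * Pattern the advisory describes: the file is created directly in the
     * shared java.io.tmpdir (usually /tmp). The legacy java.io API takes its
     * mode from the process umask, so with the common umask 022 the file is
     * world-readable, and every local user can list /tmp to find it.
     */
    static Path createInSharedTmpDir() throws IOException {
        File f = File.createTempFile("shared-", ".tmp");
        return f.toPath();
    }

    /**
     * Mitigation: create a per-process directory with mode 0700 and put the
     * file inside it. The permission attribute is applied atomically at
     * creation time, so there is no window in which the directory is open.
     */
    static Path createInPrivateTmpDir() throws IOException {
        FileAttribute<Set<PosixFilePermission>> dirAttr =
                PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rwx------"));
        FileAttribute<Set<PosixFilePermission>> fileAttr =
                PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------"));
        Path privateDir = Files.createTempDirectory("private-", dirAttr);
        return Files.createTempFile(privateDir, "data-", ".tmp", fileAttr);
    }

    /**
     * Reviewer check: true only if no GROUP_* or OTHERS_* permission bit is set
     * on the file's parent directory, i.e. other local users cannot traverse it.
     */
    static boolean parentIsOwnerOnly(Path file) throws IOException {
        Set<PosixFilePermission> perms = Files.getPosixFilePermissions(file.getParent());
        return perms.stream().allMatch(p -> p.name().startsWith("OWNER_"));
    }

    public static void main(String[] args) throws IOException {
        if (!FileSystems.getDefault().supportedFileAttributeViews().contains("posix")) {
            System.out.println("No POSIX permission view here; the advisory concerns Unix and Android.");
            return;
        }
        Path shared = createInSharedTmpDir();
        Path priv = createInPrivateTmpDir();
        try {
            System.out.println(shared + " -> parent owner-only: " + parentIsOwnerOnly(shared));
            System.out.println(priv + " -> parent owner-only: " + parentIsOwnerOnly(priv));
        } finally {
            Files.deleteIfExists(shared);
            Files.deleteIfExists(priv);
            Files.deleteIfExists(priv.getParent());
        }
    }
}
```

On a typical Linux host the first line reports `false` (the parent is `/tmp`, mode 1777) and the second `true`. The same `parentIsOwnerOnly` check is a reasonable thing to run in a test suite against any path an application hands to a library that spills data to disk, since a dependency upgrade to 32.0.1 fixes Guava's own behaviour but not any caller that still points it at a shared directory.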

Database specific
{
    "nvd_published_at": "2023-06-14T18:15:09Z",
    "cwe_ids": [
        "CWE-379",
        "CWE-552"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-06-14T21:01:07Z"
}
References

Affected packages

Maven / com.google.guava:guava

Package

Name
com.google.guava:guava
Purl
pkg:maven/com.google.guava/guava

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.0
Fixed
32.0.0-android

Affected versions

10.*

10.0-rc1
10.0-rc2
10.0-rc3
10.0
10.0.1

11.*

11.0-rc1
11.0
11.0.1
11.0.2

12.*

12.0-rc1
12.0-rc2
12.0
12.0.1

13.*

13.0-rc1
13.0-rc2
13.0
13.0.1

14.*

14.0-rc1
14.0-rc2
14.0-rc3
14.0
14.0.1

15.*

15.0-rc1
15.0

16.*

16.0-rc1
16.0
16.0.1

17.*

17.0-rc1
17.0-rc2
17.0

18.*

18.0-rc1
18.0-rc2
18.0

19.*

19.0-rc1
19.0-rc2
19.0-rc3
19.0

20.*

20.0-rc1
20.0

21.*

21.0-rc1
21.0-rc2
21.0

22.*

22.0-rc1
22.0-rc1-android
22.0
22.0-android

23.*

23.0-rc1
23.0-rc1-android
23.0
23.0-android
23.1-android
23.1-jre
23.2-android
23.2-jre
23.3-android
23.3-jre
23.4-android
23.4-jre
23.5-android
23.5-jre
23.6-android
23.6-jre
23.6.1-android
23.6.1-jre

24.*

24.0-android
24.0-jre
24.1-android
24.1-jre
24.1.1-android
24.1.1-jre

25.*

25.0-android
25.0-jre
25.1-android
25.1-jre

26.*

26.0-android
26.0-jre

27.*

27.0-android
27.0-jre
27.0.1-android
27.0.1-jre
27.1-android
27.1-jre

28.*

28.0-android
28.0-jre
28.1-android
28.1-jre
28.2-android
28.2-jre

29.*

29.0-android
29.0-jre

30.*

30.0-android
30.0-jre
30.1-android
30.1-jre
30.1.1-android
30.1.1-jre

31.*

31.0-android
31.0-jre
31.0.1-android
31.0.1-jre
31.1-android
31.1-jre