GHSA-q4hm-fwc9-hmv6

Suggest an improvement
Source
https://github.com/advisories/GHSA-q4hm-fwc9-hmv6
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/06/GHSA-q4hm-fwc9-hmv6/GHSA-q4hm-fwc9-hmv6.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-q4hm-fwc9-hmv6
Aliases
  • CVE-2021-23331
Published
2021-06-16T17:53:20Z
Modified
2023-11-08T04:05:03.838404Z
Severity
  • 3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
Insecure temporary file used in com.squareup:connect
Details

This affects all versions of package com.squareup:connect. The method prepareDownloadFilecreates creates a temporary file with the permissions bits of -rw-r--r-- on unix-like systems. On unix-like systems, the system temporary directory is shared between users. As such, the contents of the file downloaded by downloadFileFromResponse will be visible to all other users on the local system. A workaround fix for this issue is to set the system property java.io.tmpdir to a safe directory as remediation. Note: This version of the SDK is end of life and no longer maintained, please upgrade to the latest version.

Database specific
{
    "nvd_published_at": "2021-02-03T18:15:00Z",
    "github_reviewed_at": "2021-03-22T22:46:28Z",
    "severity": "LOW",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-377"
    ]
}
References

Affected packages

Maven / com.squareup:connect

Package

Name
com.squareup:connect
View open source insights on deps.dev
Purl
pkg:maven/com.squareup/connect

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
2.20191120.0

Affected versions

2.*

2.0.2
2.1.0
2.2.0
2.2.1
2.3.0
2.3.1
2.4.0
2.5.0
2.5.1
2.5.2
2.5.3
2.6.1
2.7.0
2.8.0
2.9.0
2.20180712.0
2.20180712.1
2.20180712.2
2.20180918.0
2.20180918.1
2.20181205.0
2.20181212.0
2.20190213.0
2.20190313.0
2.20190313.1
2.20190327.0
2.20190327.1
2.20190410.0
2.20190410.1
2.20190508.0
2.20190508.1
2.20190612.0
2.20190612.1
2.20190710.0
2.20190814.1
2.20190814.2
2.20190925.0
2.20191023.0
2.20191120.0