OESA-2021-1049

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1049
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2021-1049.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2021-1049
Upstream
Published
2021-03-05T11:02:38Z
Modified
2025-09-03T06:17:12.623952Z
Summary
guava security update
Details

Guava is a set of core Java libraries from Google that includes new collection types (such as multimap and multiset), immutable collections, a graph library, and utilities for concurrency, I/O, hashing, caching, primitives, strings, and more. It is widely used in most Java projects within Google, and by many other companies as well.

Security Fix(es):

A temp directory creation vulnerability exists in Guava versions prior to 30.0, allowing an attacker with access to the machine to potentially access data in a temporary directory created by Guava's com.google.common.io.Files.createTempDir(). The permissions granted to the created directory default to the standard unix-like /tmp ones, leaving the files open. We recommend updating Guava to version 30.0 or later, or updating to Java 7 or later, or explicitly changing the permissions after the creation of the directory if neither is possible. (CVE-2020-8908)

Database specific
{
    "severity": "Low"
}
References

Affected packages

openEuler:20.03-LTS-SP1 / guava

Package

Name
guava
Purl
pkg:rpm/openEuler/guava&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
25.0-5.oe1

Ecosystem specific

{
    "src": [
        "guava-25.0-5.oe1.src.rpm"
    ],
    "noarch": [
        "guava-help-25.0-5.oe1.noarch.rpm",
        "guava-testlib-25.0-5.oe1.noarch.rpm",
        "guava-25.0-5.oe1.noarch.rpm"
    ]
}