CVE-2020-8908 @ Maven-com.google.guava:guava-25.0-jre #530
Labels
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Vulnerable Package issue exists @ Maven-com.google.guava:guava-25.0-jre in branch main
A temp directory creation vulnerability exist in Guava versions prior to 30.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava com.google.common.io.Files.createTempDir(). The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. We recommend updating Guava to version 30.0 or later, or update to Java 7 or later, or to explicitly change the permissions after the creation of the directory if neither are possible.
Namespace: CxDemoInABoxRepos
Repository: Java-Webgoat
Repository Url: https://github.com/CxDemoInABoxRepos/Java-Webgoat
CxAST-Project: CxDemoInABoxRepos/Java-Webgoat
CxAST platform scan: 188de2bd-a9df-4b09-95f7-dd05d6f06695
Branch: main
Application: Java-Webgoat
Severity: LOW
State: TO_VERIFY
Status: RECURRENT
CWE: CWE-732
Additional Info
Attack vector: LOCAL
Attack complexity: LOW
Confidentiality impact: LOW
Availability impact: NONE
Remediation Upgrade Recommendation: 30.0-android
References
Advisory
Issue
Commit
The text was updated successfully, but these errors were encountered: