Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

5 matches found

Github Security Blog
Github Security Blogadded 2021/06/16 5:53 p.m.48 views

Insecure temporary file used in com.squareup:connect

This affects all versions of package com.squareup:connect. The method prepareDownloadFilecreates creates a temporary file with the permissions bits of -rw-r--r-- on unix-like systems. On unix-like systems, the system temporary directory is shared between users. As such, the contents of the file...

4.4CVSS2.2AI score0.00036EPSS
Exploits0References4Affected Software1
NVD
NVDadded 2021/02/03 6:15 p.m.6 views

CVE-2021-23331

This affects all versions of package com.squareup:connect. The method prepareDownloadFilecreates creates a temporary file with the permissions bits of -rw-r--r-- on unix-like systems. On unix-like systems, the system temporary directory is shared between users. As such, the contents of the file...

4.4CVSS0.00036EPSS
Exploits0References2
CVE
CVEadded 2021/02/03 6:5 p.m.66 views

CVE-2021-23331

CVE-2021-23331 affects all versions of com.squareup:connect. The ApiClient creates a temporary file with permissions -rw-r--r-- in the system temp dir; since that directory is shared on Unix-like systems, the downloaded content may be visible to other local users. The issue is inherent to the SDK...

4.4CVSS3.7AI score0.00036EPSS
Exploits0References2Affected Software1
Cvelist
Cvelistadded 2021/02/03 6:5 p.m.14 views

CVE-2021-23331 Insecure Temporary File

This affects all versions of package com.squareup:connect. The method prepareDownloadFilecreates creates a temporary file with the permissions bits of -rw-r--r-- on unix-like systems. On unix-like systems, the system temporary directory is shared between users. As such, the contents of the file...

4.4CVSS4.8AI score0.00036EPSS
Exploits0References2
Snyk
Snykadded 2021/02/03 10:25 a.m.5 views

Insecure Temporary File

Overview com.squareup:connect is a stack of middleware that is executed in order in each request. Affected versions of this package are vulnerable to Insecure Temporary File. The method prepareDownloadFilecreates creates a temporary file with the permissions bits of -rw-r--r-- on unix-like system...

4.4CVSS6.5AI score0.00036EPSS
Exploits0References2
Rows per page
Query Builder