CVE-2021-23331
CVE-2021-23331 affects all versions of com.squareup:connect. The ApiClient creates a temporary file with permissions -rw-r--r-- in the system temp dir; since that directory is shared on Unix-like systems, the downloaded content may be visible to other local users. The issue is inherent to the SDK...