CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS
Percentile
15.5%
com.google.guava, guava is vulnerable to Information Disclosure. The vulnerability exits due to incorrect default file permissions in FileBackedOutputStream
, which allow an attacker to access the temporary directory.
github.com/advisories/GHSA-7g45-4rm6-3mm3
github.com/google/guava/commit/feb83a1c8fd2e7670b244d5afd23cba5aca43284
github.com/google/guava/issues/2575
github.com/google/guava/releases/tag/v32.0.0
security.netapp.com/advisory/ntap-20230818-0008/
www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01006.html