Sign In

CVE-2023-2976

ADVISORY - github

Summary

Use of Java's default temporary directory for file creation in FileBackedOutputStream in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.

Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.

EPSS Score: 0.00041 (0.117)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-552

Files or Directories Accessible to External Parties

ADVISORY - github

CWE-379

Creation of Temporary File in Directory with Insecure Permissions

CWE-552

Files or Directories Accessible to External Parties

ADVISORY - gitlab

CWE-1035

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-379

Creation of Temporary File in Directory with Insecure Permissions

CWE-552

Files or Directories Accessible to External Parties

CWE-937

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

CWE-552

Files or Directories Accessible to External Parties

Impacted images

Advisories
Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.

Sign in