{"id":"CVE-2020-8908","details":"A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured.","aliases":["GHSA-5mg8-w23w-74h3","SNYK-JAVA-COMGOOGLEGUAVA-1015415"],"modified":"2026-05-19T04:02:06.147864105Z","published":"2020-12-10T23:15:13.973Z","related":["CGA-w93v-xw63-rv54","SUSE-SU-2023:3090-1","SUSE-SU-2024:1138-1","openSUSE-SU-2024:10835-1"],"database_specific":{"unresolved_ranges":[{"extracted_events":[{"last_affected":"11.3.2"}],"cpes":["cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*"],"vendor_product":"oracle:commerce_guided_search","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"1.14.0"}],"cpes":["cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.14.0:*:*:*:*:*:*:*"],"vendor_product":"oracle:communications_cloud_native_core_network_repository_function","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"1.2.1"}],"vendor_product":"oracle:communications_cloud_native_core_network_slice_selection_function","cpes":["cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.2.1:*:*:*:*:*:*:*"],"source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"12.0.0.4.0"},{"last_affected":"12.0.0.5.0"}],"vendor_product":"oracle:communications_pricing_design_center","cpes":["cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*","cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.5.0:*:*:*:*:*:*:*"],"source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"12.2.1.3.0"},{"last_affected":"12.2.1.4.0"}],"vendor_product":"oracle:data_integrator","cpes":["cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*","cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*"],"source":"CPE_FIELD"},{"extracted_events":[{"fixed":"20.3"}],"vendor_product":"oracle:nosql_database","cpes":["cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*"],"source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"8.57"},{"last_affected":"8.58"},{"last_affected":"8.59"}],"cpes":["cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*","cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*","cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*"],"vendor_product":"oracle:peoplesoft_enterprise_peopletools","source":"CPE_FIELD"},{"extracted_events":[{"introduced":"17.7"},{"last_affected":"17.12"},{"last_affected":"18.8"},{"last_affected":"19.12"},{"last_affected":"20.12"},{"last_affected":"21.12"}],"cpes":["cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*","cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*","cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*","cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*","cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*"],"vendor_product":"oracle:primavera_unifier","source":"CPE_FIELD"},{"extracted_events":[{"introduced":"16.0"},{"last_affected":"19.0"}],"cpes":["cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:*:*:*:*:*:*:*:*"],"vendor_product":"oracle:retail_customer_management_and_segmentation_foundation","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"14.1.1.0.0"}],"cpes":["cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*"],"vendor_product":"oracle:weblogic_server","source":"CPE_FIELD"}]},"references":[{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/r007add131977f4f576c232b25e024249a3d16f66aad14a4b52819d21%40%3Ccommon-issues.hadoop.apache.org%3E"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/r07ed3e4417ad043a27bee7bb33322e9bfc7d7e6d1719b8e3dfd95c14%40%3Cdev.drill.apache.org%3E"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/r161b87f8037bbaff400194a63cd2016c9a69f5949f06dcc79beeab54%40%3Cdev.drill.apache.org%3E"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/r215b3d50f56faeb2f9383505f3e62faa9f549bb23e8a9848b78a968e%40%3Ccommits.ws.apache.org%3E"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/r294be9d31c0312d2c0837087204b5d4bf49d0552890e6eec716fa6a6%40%3Cyarn-issues.hadoop.apache.org%3E"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/r2fe45d96eea8434b91592ca08109118f6308d60f6d0e21d52438cfb4%40%3Cdev.drill.apache.org%3E"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/r3c3b33ee5bef0c67391d27a97cbfd89d44f328cf072b601b58d4e748%40%3Ccommits.pulsar.apache.org%3E"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/r3dd8881de891598d622227e9840dd7c2ef1d08abbb49e9690c7ae1bc%40%3Cissues.geode.apache.org%3E"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/r4776f62dfae4a0006658542f43034a7fc199350e35a66d4e18164ee6%40%3Ccommits.cxf.apache.org%3E"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/r49549a8322f62cd3acfa4490d25bfba0be04f3f9ff4d14fe36199d27%40%3Cyarn-dev.hadoop.apache.org%3E"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/r58a8775205ab1839dba43054b09a9ab3b25b423a4170b2413c4067ac%40%3Ccommon-issues.hadoop.apache.org%3E"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/r5b3d93dfdfb7708e796e8762ab40edbde8ff8add48aba53e5ea26f44%40%3Cissues.geode.apache.org%3E"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/r5d61b98ceb7bba939a651de5900dbd67be3817db6bfcc41c6e04e199%40%3Cyarn-issues.hadoop.apache.org%3E"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/r6874dfe26eefc41b7c9a5e4a0487846fc4accf8c78ff948b24a1104a%40%3Cdev.drill.apache.org%3E"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/r68d86f4b06c808204f62bcb254fcb5b0432528ee8d37a07ef4bc8222%40%3Ccommits.ws.apache.org%3E"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/r79e47ed555bdb1180e528420a7a2bb898541367a29a3bc6bbf0baf2c%40%3Cissues.hive.apache.org%3E"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/r7b0e81d8367264d6cad98766a469d64d11248eb654417809bfdacf09%40%3Cyarn-issues.hadoop.apache.org%3E"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/r841c5e14e1b55281523ebcde661ece00b38a0569e00ef5e12bd5f6ba%40%3Cissues.maven.apache.org%3E"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/ra7ab308481ee729f998691e8e3e02e93b1dedfc98f6b1cd3d86923b3%40%3Cyarn-issues.hadoop.apache.org%3E"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/rb2364f4cf4d274eab5a7ecfaf64bf575cedf8b0173551997c749d322%40%3Cgitbox.hive.apache.org%3E"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/rb8c0f1b7589864396690fe42a91a71dea9412e86eec66dc85bbacaaf%40%3Ccommits.cxf.apache.org%3E"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3%40%3Ctorque-dev.db.apache.org%3E"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/rc2dbc4633a6eea1fcbce6831876cfa17b73759a98c65326d1896cb1a%40%3Ctorque-dev.db.apache.org%3E"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/rc607bc52f3507b8b9c28c6a747c3122f51ac24afe80af2a670785b97%40%3Cissues.geode.apache.org%3E"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/rcafc3a637d82bdc9a24036b2ddcad1e519dd0e6f848fcc3d606fd78f%40%3Cdev.hive.apache.org%3E"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/rd01f5ff0164c468ec7abc96ff7646cea3cce6378da2e4aa29c6bcb95%40%3Cgithub.arrow.apache.org%3E"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/rd2704306ec729ccac726e50339b8a8f079515cc29ccb77713b16e7c5%40%3Cissues.hive.apache.org%3E"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/rd5d58088812cf8e677d99b07f73c654014c524c94e7fedbdee047604%40%3Ctorque-dev.db.apache.org%3E"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/rd7e12d56d49d73e2b8549694974b07561b79b05455f7f781954231bf%40%3Cdev.pig.apache.org%3E"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/re120f6b3d2f8222121080342c5801fdafca2f5188ceeb3b49c8a1d27%40%3Cyarn-issues.hadoop.apache.org%3E"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/reebbd63c25bc1a946caa419cec2be78079f8449d1af48e52d47c9e85%40%3Cissues.geode.apache.org%3E"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/rf00b688ffa620c990597f829ff85fdbba8bf73ee7bfb34783e1f0d4e%40%3Cyarn-dev.hadoop.apache.org%3E"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/rf9f0fa84b8ae1a285f0210bafec6de2a9eba083007d04640b82aa625%40%3Cissues.geode.apache.org%3E"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/rfc27e2727a20a574f39273e0432aa97486a332f9b3068f6ac1346594%40%3Cdev.myfaces.apache.org%3E"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20220210-0003/"},{"type":"ADVISORY","url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"type":"FIX","url":"https://github.com/google/guava/commit/fec0dbc4634006a6162cfd4d0d09c962073ddf40"},{"type":"FIX","url":"https://github.com/google/guava/issues/4011"},{"type":"FIX","url":"https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-1015415"},{"type":"FIX","url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuoct2021.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/google/guava","events":[{"introduced":"0"},{"fixed":"6b1f97ced922d48f071153ad9e631d06383033a4"},{"fixed":"fec0dbc4634006a6162cfd4d0d09c962073ddf40"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"32.0.0"}],"source":["CPE_FIELD","REFERENCES"],"cpe":"cpe:2.3:a:google:guava:*:*:*:*:*:*:*:*"}}],"versions":["failureaccess-v1.0.1","released-all-futures","jdk5-backport-branch-point","v7.0","v2.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-8908.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/quarkusio/quarkus","events":[{"introduced":"0"},{"fixed":"60a549cadba9f9e10583b4348b5102e8b4087aa7"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"1.11.4"}],"cpe":"cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*","source":"CPE_FIELD"}}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-8908.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}]}