Kevin Su created SUBMARINE-981:
----------------------------------
Summary: Update com.google.guava:guava version
Key: SUBMARINE-981
URL: https://issues.apache.org/jira/browse/SUBMARINE-981
Project: Apache Submarine
Issue Type: Improvement
Components: Commons
Reporter: Kevin Su
Upgrade com.google.guava:guava to version 30.0-jre or later.
h5. [CVE-2020-8908|https://github.com/advisories/GHSA-5mg8-w23w-74h3]
low severity
*Vulnerable versions:* <= 29.0
*Patched version:* 30.0-jre
A temp directory creation vulnerability exist in Guava versions prior to 30.0
allowing an attacker with access to the machine to potentially access data in a
temporary directory created by the Guava
com.google.common.io.Files.createTempDir(). The permissions granted to the
directory created default to the standard unix-like /tmp ones, leaving the
files open. We recommend updating Guava to version 30.0 or later, or update to
Java 7 or later, or to explicitly change the permissions after the creation of
the directory if neither are possible.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@submarine.apache.org
For additional commands, e-mail: dev-h...@submarine.apache.org
