[
https://issues.apache.org/jira/browse/SUBMARINE-981?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Kevin Su updated SUBMARINE-981:
-------------------------------
Description:
Upgrade com.google.guava:guava to version 30.0-jre or later.
h5. [CVE-2020-8908|https://github.com/advisories/GHSA-5mg8-w23w-74h3]
low severity
*Vulnerable versions:* <= 29.0
*Patched version:* 30.0-jre
A temp directory creation vulnerability exist in Guava versions prior to 30.0
allowing an attacker with access to the machine to potentially access data in a
temporary directory created by the Guava
com.google.common.io.Files.createTempDir(). The permissions granted to the
directory created default to the standard unix-like /tmp ones, leaving the
files open. We recommend updating Guava to version 30.0 or later, or update to
Java 7 or later, or to explicitly change the permissions after the creation of
the directory if neither are possible.
was:
Upgrade com.google.guava:guava to version 30.0-jre or later.
h5. [CVE-2020-8908|https://github.com/advisories/GHSA-5mg8-w23w-74h3]
low severity
*Vulnerable versions:* <= 29.0
*Patched version:* 30.0-jre
A temp directory creation vulnerability exist in Guava versions prior to 30.0
allowing an attacker with access to the machine to potentially access data in a
temporary directory created by the Guava
com.google.common.io.Files.createTempDir(). The permissions granted to the
directory created default to the standard unix-like /tmp ones, leaving the
files open. We recommend updating Guava to version 30.0 or later, or update to
Java 7 or later, or to explicitly change the permissions after the creation of
the directory if neither are possible.
> Update com.google.guava:guava version
> --------------------------------------
>
> Key: SUBMARINE-981
> URL: https://issues.apache.org/jira/browse/SUBMARINE-981
> Project: Apache Submarine
> Issue Type: Improvement
> Components: Commons
> Reporter: Kevin Su
> Priority: Minor
>
> Upgrade com.google.guava:guava to version 30.0-jre or later.
> h5. [CVE-2020-8908|https://github.com/advisories/GHSA-5mg8-w23w-74h3]
> low severity
> *Vulnerable versions:* <= 29.0
> *Patched version:* 30.0-jre
> A temp directory creation vulnerability exist in Guava versions prior to
> 30.0 allowing an attacker with access to the machine to potentially access
> data in a temporary directory created by the Guava
> com.google.common.io.Files.createTempDir(). The permissions granted to the
> directory created default to the standard unix-like /tmp ones, leaving the
> files open. We recommend updating Guava to version 30.0 or later, or update
> to Java 7 or later, or to explicitly change the permissions after the
> creation of the directory if neither are possible.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@submarine.apache.org
For additional commands, e-mail: dev-h...@submarine.apache.org
