Search for packages
| purl | pkg:maven/com.google.guava/guava@r08 |
| Next non-vulnerable version | 32.0.0-android |
| Latest non-vulnerable version | 32.0.0-android |
| Risk | 1.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-bdyj-ymzs-hfcc
Aliases: CVE-2020-8908 GHSA-5mg8-w23w-74h3 |
Information Disclosure in Guava A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-16T21:19:29.272776+00:00 | GitLab Importer | Affected by | VCID-bdyj-ymzs-hfcc | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.google.guava/guava/CVE-2020-8908.yml | 38.4.0 |
| 2026-04-11T22:31:48.201974+00:00 | GitLab Importer | Affected by | VCID-bdyj-ymzs-hfcc | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.google.guava/guava/CVE-2020-8908.yml | 38.3.0 |
| 2026-04-02T22:43:08.060749+00:00 | GitLab Importer | Affected by | VCID-bdyj-ymzs-hfcc | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.google.guava/guava/CVE-2020-8908.yml | 38.1.0 |
| 2026-04-01T17:00:51.268587+00:00 | GitLab Importer | Affected by | VCID-bdyj-ymzs-hfcc | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.google.guava/guava/CVE-2020-8908.yml | 38.0.0 |