{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42800?format=json","vulnerability_id":"VCID-7egk-a6z8-47hx","summary":"Exposure of Resource to Wrong Sphere\nOn unix-like systems, the system temporary directory is shared between all users on that system. The root cause is File.createTempFile creates files in the the system temporary directory with world readable permissions. Any sensitive information written to theses files is visible to all other local users on unix-like systems. We recommend upgrading past commit https://github.com/google/data-transfer-project/pull/969","aliases":[{"alias":"CVE-2021-22572"},{"alias":"GHSA-22c6-wcjm-qfjg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61140?format=json","purl":"pkg:maven/org.datatransferproject/portability-spi-cloud@0.3.57","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.datatransferproject/portability-spi-cloud@0.3.57"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/564886?format=json","purl":"pkg:maven/org.datatransferproject/portability-spi-cloud@0.1.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7egk-a6z8-47hx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.datatransferproject/portability-spi-cloud@0.1.5"},{"url":"http://public2.vulnerablecode.io/api/packages/564887?format=json","purl":"pkg:maven/org.datatransferproject/portability-spi-cloud@0.1.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7egk-a6z8-47hx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.datatransferproject/portability-spi-cloud@0.1.6"}],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22572","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02063","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02078","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02086","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02076","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02062","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02056","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22572"},{"reference_url":"https://github.com/google/data-transfer-project/pull/969","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/google/data-transfer-project/pull/969"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22572","reference_id":"CVE-2021-22572","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22572"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":668,"name":"Exposure of Resource to Wrong Sphere","description":"The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":null,"exploitability":"0.5","weighted_severity":"0.0","risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7egk-a6z8-47hx"}