How to Fix CVE-2023-2976

Security Vulnerability –

How to remove HIGH security vulnerability CVE-2023-2976

Environment –

All applications that use Google Guava (com.google.guava:guava) as a third-party library.

Root cause –

Use of Java’s default temporary directory for file creation in FileBackedOutputStream in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.

Vulnerability Details –

NVD Status: 7.1 High
NVD URL: CVE-2023-2976

Solution –

Upgrade Guava to version 32.0.1 or later, because version 32.0.0 breaks some functionality under Windows.

<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>32.1.1-jre</version>
</dependency>
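
To confirm the upgrade took effect in every module, including Guava versions pulled in transitively, the resolved versions can be checked against the thresholds above. This is an added example, not part of the original article; it assumes the text output of `mvn dependency:tree`, and the sample tree and the names `classify` and `audit` are constructed for illustration.

```python
import re

# Matches groupId:artifactId:type:version:scope as printed by
# `mvn dependency:tree` (assumes no classifier, which is normal for Guava).
GUAVA_RE = re.compile(r"com\.google\.guava:guava:[^:\s]+:([^:\s]+):[a-z]+")

FIRST_RECOMMENDED = (32, 0, 1)  # article: upgrade to 32.0.1 or later
WINDOWS_BROKEN = (32, 0, 0)     # article: 32.0.0 breaks functionality on Windows

def parse_version(text):
    """Return the numeric part of e.g. '31.1-jre' as a 3-tuple, or None."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:-[\w.]+)?", text)
    if not m:
        return None
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (3 - len(parts))  # pad '31.1' to (31, 1, 0)

def classify(version_text):
    """Map a resolved Guava version to ok / avoid / affected / unknown."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"   # e.g. legacy 'r09' style names: review by hand
    if v >= FIRST_RECOMMENDED:
        return "ok"
    if v == WINDOWS_BROKEN:
        return "avoid"
    return "affected"      # 31.1 and earlier, per the root cause above

def audit(tree_output):
    """Return sorted (version, verdict) pairs for every Guava in the tree."""
    found = {m.group(1) for m in GUAVA_RE.finditer(tree_output)}
    return sorted((v, classify(v)) for v in found)

# Constructed sample of a multi-module dependency tree.
SAMPLE_TREE = """\
[INFO] com.example:api:jar:1.0.0
[INFO] +- com.google.guava:guava:jar:32.1.1-jre:compile
[INFO] |  \\- com.google.guava:failureaccess:jar:1.0.1:compile
[INFO] com.example:worker:jar:1.0.0
[INFO] \\- org.example:legacy-client:jar:2.3:compile
[INFO]    \\- com.google.guava:guava:jar:31.1-jre:compile
[INFO] com.example:tools:jar:1.0.0
[INFO] +- com.google.guava:guava:jar:32.0.0-jre:compile
[INFO] \\- com.google.guava:guava-testlib:jar:31.1-jre:test
"""

if __name__ == "__main__":
    for version, verdict in audit(SAMPLE_TREE):
        print(f"guava {version}: {verdict}")
```

Any module reported as "affected" or "avoid" still resolves an older Guava and needs the dependency declaration above (or a managed version) applied to it.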
