How to remove HIGH security vulnerability CVE-2023-2976
This affects all applications that use com.google.guava.Guava as a third-party library.
Root cause –
Use of Java’s default temporary directory for file creation in FileBackedOutputStream in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.
Vulnerability Details –
Upgrade Guava to version 32.0.1 or later. Do not stop at version 32.0.0, because it breaks some functionality under Windows.
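One way to check a build against the upgrade advice above, added here as an example and not taken from the original article or from Guava: the script scans dependency-report text (Maven `dependency:tree` or Gradle-style coordinates) and classifies each Guava version it finds. The sample report, function names and status labels are constructed for illustration.

```python
import re
import sys

# Matches Maven ("com.google.guava:guava:jar:31.1-jre:compile") and
# Gradle ("com.google.guava:guava:31.1-jre") renderings of the coordinate.
# The "-jre" / "-android" flavor suffix is ignored; only the number matters.
GUAVA = re.compile(r"com\.google\.guava:guava:(?:jar:)?(\d+(?:\.\d+)*)")

RECOMMENDED = (32, 0, 1)     # minimum version the article recommends
WINDOWS_BROKEN = (32, 0, 0)  # per the article, breaks functionality on Windows


def classify(version: str) -> str:
    """Return 'ok', 'avoid' (32.0.0) or 'vulnerable' (older than 32.0.0)."""
    parts = tuple(int(p) for p in version.split("."))
    parts += (0,) * (3 - len(parts))  # "31.1" -> (31, 1, 0)
    if parts >= RECOMMENDED:
        return "ok"
    if parts == WINDOWS_BROKEN:
        return "avoid"
    return "vulnerable"


def scan(report: str):
    """Return (line number, version, status) for every Guava coordinate."""
    findings = []
    for lineno, line in enumerate(report.splitlines(), 1):
        match = GUAVA.search(line)
        if match:
            findings.append((lineno, match.group(1), classify(match.group(1))))
    return findings


# Constructed sample, shaped like `mvn dependency:tree` output.
SAMPLE = "\n".join([
    "[INFO] com.example:app:jar:1.0.0",
    "[INFO] +- com.google.guava:guava:jar:31.1-jre:compile",
    "[INFO] +- org.example:lib-a:jar:2.3:compile",
    r"[INFO] |  \- com.google.guava:guava:jar:32.0.0-android:compile",
    r"[INFO] \- com.google.guava:guava:jar:32.1.2-jre:test",
])

if __name__ == "__main__":
    # Read a real report from stdin when piped, otherwise use the sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    results = scan(text)
    for lineno, version, status in results:
        print(f"line {lineno}: guava {version} -> {status}")
    sys.exit(1 if any(s != "ok" for _, _, s in results) else 0)
```

Piping a saved dependency report into the script gives a non-zero exit status when any Guava version needs attention, which makes it usable as a CI gate.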
Do you have another solution?
The solution provided above is based on a scenario that one of our developers/contributors faced. If you faced the same issue and found a different root cause, please share your solution in the comment section below. We will add the solution to this article.