Information Disclosure in Guava

Description

A temp directory creation vulnerability exists in all Guava versions, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API `com.google.common.io.Files.createTempDir()`. The permissions granted to the created directory default to the standard Unix-like /tmp ones, leaving the files open. We recommend explicitly changing the permissions after creating the directory, or removing uses of the vulnerable method.
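One way to follow the recommendation above, as an added example (not code from OpenNMS/alec or Guava): replace the Guava call with the JDK's `java.nio.file.Files.createTempDirectory`, requesting owner-only permissions at creation, or tighten a directory that a remaining Guava call site has already created. The class name `PrivateTempDir`, its method names, and the `example-` prefix are hypothetical.

```java
import java.io.IOException;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.HashSet;
import java.util.Set;

// Added example: the class, method names and directory prefix are hypothetical.
public final class PrivateTempDir {
    private static final Set<PosixFilePermission> OWNER_ONLY =
            PosixFilePermissions.fromString("rwx------");

    private static boolean posix() {
        return FileSystems.getDefault().supportedFileAttributeViews().contains("posix");
    }

    /** Replacement for the Guava call: owner-only permissions requested at creation. */
    public static Path create(String prefix) throws IOException {
        if (!posix()) {
            // POSIX permission attributes are unsupported here; use the JDK default.
            return Files.createTempDirectory(prefix);
        }
        Path dir = Files.createTempDirectory(prefix,
                PosixFilePermissions.asFileAttribute(OWNER_ONLY));
        assertPrivate(dir);
        return dir;
    }

    /** For call sites that keep the Guava call: tighten the directory before
     *  writing to it. The directory exists with wider access until this runs. */
    public static void restrict(Path dir) throws IOException {
        if (posix()) {
            Files.setPosixFilePermissions(dir, OWNER_ONLY);
            assertPrivate(dir);
        }
    }

    /** Fails if any group or other permission bit is still set. */
    private static void assertPrivate(Path dir) throws IOException {
        Set<PosixFilePermission> extra = new HashSet<>(Files.getPosixFilePermissions(dir));
        extra.removeAll(OWNER_ONLY);
        if (!extra.isEmpty()) {
            throw new IOException(dir + " grants " + PosixFilePermissions.toString(extra));
        }
    }
}
```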

Repository: OpenNMS/alec (https://github.com/OpenNMS/alec)
Dependabot: https://github.com/OpenNMS/alec/security/dependabot/3
CVE: CVE-2020-8908
CVSS: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
GHSA: GHSA-5mg8-w23w-74h3
Severity: low
Ecosystem: maven
Package Name: com.google.guava:guava
Vulnerable Version Range: <= 29.0
First Patched Version:

Created July 19, 2023 at 12:43 PM
Updated July 19, 2023 at 12:43 PM