CVE-2021-23331

CVSS v3 Score
3.3
Low
CVSS v2 Score
2.1
Low

Vulnerability Description

This affects all versions of package com.squareup:connect. The method prepareDownloadFile creates a temporary file with the permission bits -rw-r--r-- on Unix-like systems. On Unix-like systems, the system temporary directory is shared between users. As such, the contents of the file downloaded by downloadFileFromResponse will be visible to all other users on the local system. A workaround for this issue is to set the system property java.io.tmpdir to a safe directory. Note: This version of the SDK is end of life and no longer maintained; please upgrade to the latest version.
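The permission difference described above, as an added example that is not code from the SDK: it creates one temporary file the way the description implies and one with owner-only permissions, then reports whether other local users could read each. The class and method names are hypothetical, the use of `File.createTempFile` for the weak case is an assumption about the affected code, and the check assumes a POSIX file system.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Set;

public class TempFilePermissions {

    // Weak pattern (assumed): java.io.File.createTempFile leaves the mode to the
    // process umask, so with the common umask 022 the file ends up rw-r--r--.
    static Path createWeak(String prefix, String suffix) throws IOException {
        return File.createTempFile(prefix, suffix).toPath();
    }

    // Hardened pattern: request rw------- explicitly at creation time, so the
    // file is never readable by group or others, even briefly.
    static Path createHardened(String prefix, String suffix) throws IOException {
        return Files.createTempFile(prefix, suffix,
                PosixFilePermissions.asFileAttribute(
                        PosixFilePermissions.fromString("rw-------")));
    }

    // True when any user other than the owner can read the file's contents.
    static boolean readableByOthers(Path p) throws IOException {
        Set<PosixFilePermission> perms = Files.getPosixFilePermissions(p);
        return perms.contains(PosixFilePermission.GROUP_READ)
                || perms.contains(PosixFilePermission.OTHERS_READ);
    }

    public static void main(String[] args) throws IOException {
        // Constructed prefix/suffix; both files land in java.io.tmpdir.
        Path weak = createWeak("download-", ".tmp");
        Path hardened = createHardened("download-", ".tmp");
        try {
            for (Path p : new Path[] {weak, hardened}) {
                System.out.printf("%s %s readableByOthers=%b%n",
                        PosixFilePermissions.toString(Files.getPosixFilePermissions(p)),
                        p, readableByOthers(p));
            }
        } finally {
            Files.deleteIfExists(weak);
            Files.deleteIfExists(hardened);
        }
    }
}
```

For the workaround named in the description, start the JVM with `-Djava.io.tmpdir=` pointing at a directory that only the service account can enter, so that even a file with broad permission bits is not reachable by other local users.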

CVSS:3.3(Low)

The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which makes it easier for guest OS users to b...

CVSS:3.3(Low)

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users ...

CVSS:3.3(Low)

Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect integrity via unknown vectors, a different vulnerabili...

CVSS:3.3(Low)

Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect integrity via unknown vectors, a different vulnerabili...

CVSS:3.3(Low)

Audio in Apple OS X before 10.11.5 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app.

CVSS:3.3(Low)

Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via vectors related to Filesystem.