CVE-2020-8908
Published at:
-
11-12-2020 12:15
Last modified:
-
10-05-2022 05:21
Total changes:
-
24
Description
Common Vulnerability Scoring System (CVSS)
Low
Attack complexity
Local
Attack vector
None
Availability
Low
Confidentiality
None
Integrity
Low
Privileges required
Unchanged
Scope
None
User interaction
3.3
Base score
1.8
1.4
Exploitability score
Impact score
Verification logic
Reference
- https://github.com/google/guava/commit/fec0dbc4634006a6162cfd4d0d09c962073ddf40
- https://github.com/google/guava/issues/4011
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-1015415
- [ws-commits] 20210104 [ws-wss4j] branch 2_3_x-fixes updated: Updating Guava to 30.1 due to CVE-2020-8908-Mailing List, Patch, Third Party Advisory
- [ws-commits] 20210104 [ws-wss4j] branch master updated: Updating Guava to 30.1 due to CVE-2020-8908-Mailing List, Patch, Third Party Advisory
- [cxf-commits] 20210104 [cxf] 02/02: Updating Guava to 30.1 due to CVE-2020-8908-Mailing List, Patch, Third Party Advisory
- [cxf-commits] 20210104 [cxf] 03/04: Updating Guava to 30.1 due to CVE-2020-8908-Mailing List, Patch, Third Party Advisory
- https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3@%3Ctorque-dev.db.apache.org%3E
- [maven-issues] 20210122 [GitHub] [maven-indexer] akurtakov opened a new pull request #75: Remove guava dependency from indexer-core-Mailing List, Third Party Advisory
- [db-torque-dev] 20210127 Re: Items for our (delayed) quarterly report to the board?-Mailing List, Third Party Advisory
- [db-torque-dev] 20210128 Antwort: Re: Items for our (delayed) quarterly report to the board?-Mailing List, Third Party Advisory
- [pulsar-commits] 20210406 [GitHub] [pulsar] lhotari opened a new pull request #10149: Upgrade jclouds to 2.3.0 to fix security vulnerabilities-Mailing List, Third Party Advisory
- [myfaces-dev] 20210506 [GitHub] [myfaces-tobago] lofwyr14 opened a new pull request #817: build: CVE fix-Mailing List, Third Party Advisory
- [arrow-github] 20210610 [GitHub] [arrow] projjal opened a new pull request #10501: ARROW-13032: Update guava version-Mailing List, Third Party Advisory
- https://www.oracle.com/security-alerts/cpuApr2021.html
- [drill-dev] 20210618 [GitHub] [drill] ssainz edited a comment on issue #2260: CVE-2020-8908 in Guava v.28.2-jre, should upgrade to v.30.1.1-Mailing List, Third Party Advisory
- [drill-dev] 20210618 [GitHub] [drill] ssainz commented on issue #2260: CVE-2020-8908 in Guava v.28.2-jre, should upgrade to v.30.1.1-Mailing List, Third Party Advisory
- [drill-dev] 20210618 [GitHub] [drill] cgivre commented on issue #2260: CVE-2020-8908 in Guava v.28.2-jre, should upgrade to v.30.1.1-Mailing List, Third Party Advisory
- [drill-dev] 20210619 [GitHub] [drill] luocooong commented on issue #2260: CVE-2020-8908 in Guava v.28.2-jre, should upgrade to v.30.1.1-Mailing List, Third Party Advisory
- N/A-Patch, Third Party Advisory
- [hadoop-common-issues] 20211018 [GitHub] [hadoop] lujiefsi opened a new pull request #3561: Yarn 10980-Mailing List, Third Party Advisory
- [hadoop-yarn-issues] 20211018 [jira] [Updated] (YARN-10980) fix CVE-2020-8908-Mailing List, Third Party Advisory
- [hadoop-yarn-dev] 20211018 [jira] [Created] (YARN-10980) fix CVE-2020-8908-Mailing List, Third Party Advisory
- [hadoop-yarn-issues] 20211018 [jira] [Created] (YARN-10980) fix CVE-2020-8908-Mailing List, Third Party Advisory
- [hive-issues] 20211018 [jira] [Updated] (HIVE-25617) fix CVE-2020-8908-Mailing List, Third Party Advisory
- [hadoop-yarn-issues] 20211018 [jira] [Commented] (YARN-10980) fix CVE-2020-8908-Mailing List, Third Party Advisory
- [hive-gitbox] 20211018 [GitHub] [hive] lujiefsi opened a new pull request #2725: HIVE-25617:fix CVE-2020-8908-Mailing List, Third Party Advisory
- [hadoop-common-issues] 20211018 [GitHub] [hadoop] lujiefsi edited a comment on pull request #3561: YARN-10980:fix CVE-2020-8908-Mailing List, Third Party Advisory
- [geode-issues] 20211018 [jira] [Updated] (GEODE-9744) fix CVE-2020-8908-Mailing List, Third Party Advisory
- [hive-issues] 20211018 [jira] [Work logged] (HIVE-25617) fix CVE-2020-8908-Mailing List, Third Party Advisory
- [hadoop-yarn-issues] 20211018 [jira] [Comment Edited] (YARN-10980) fix CVE-2020-8908-Mailing List, Third Party Advisory
- [geode-issues] 20211018 [jira] [Created] (GEODE-9744) fix CVE-2020-8908-Mailing List, Third Party Advisory
- [hadoop-yarn-issues] 20211018 [jira] [Resolved] (YARN-10980) fix CVE-2020-8908-Mailing List, Third Party Advisory
- [hadoop-yarn-dev] 20211018 [jira] [Resolved] (YARN-10980) fix CVE-2020-8908-Mailing List, Third Party Advisory
- [hive-dev] 20211018 [jira] [Created] (HIVE-25617) fix CVE-2020-8908-Mailing List, Third Party Advisory
- [geode-issues] 20211018 [jira] [Updated] (GEODE-9744) bug like CVE-2020-8908-Mailing List, Third Party Advisory
- [geode-issues] 20211018 [jira] [Updated] (GEODE-9744) bug CVE-2020-8908-Mailing List, Third Party Advisory
- [geode-issues] 20211018 [jira] [Updated] (GEODE-9744) like CVE-2020-8908-Mailing List, Third Party Advisory
- https://www.oracle.com/security-alerts/cpuoct2021.html
- [pig-dev] 20211021 [GitHub] [pig] lujiefsi opened a new pull request #36: PIG-5417:Replace guava's Files.createTempDir()-Mailing List, Third Party Advisory
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://security.netapp.com/advisory/ntap-20220210-0003/
- https://www.oracle.com/security-alerts/cpuapr2022.html
Keywords