squareup connect_java_software_development_kit CVE Vulnerabilities (1) — All product CPE matches

CVEs: 1 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities for squareup connect_java_software_development_kit from every vulnerable NVD CPE match row for this product, including cases where the versions table cannot show finer version attributes.

Showing 11 of 1 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2021-23331 This affects all versions of package com.squareup:connect. The method prepareDownloadFilecreates creates a temporary file with the permissions bits of -rw-r--r-- on unix-like systems. On unix-like systems, the system temporary directory is shared between users. As such, the contents of the file downloaded by downloadFileFromResponse will be visible to all other users on the local system. A workaround fix for this issue is to set the system property java.io.tmpdir to a safe directory as remediati [email protected] 4.4 0.34% 2021-02-03 2026-06-16
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence