CVE-2023-2976: 
Java vulnerability analysis and mitigation

CVE-2023-2976 affects Google Guava versions 1.0 to 31.1, specifically the FileBackedOutputStream component. The vulnerability relates to the use of Java's default temporary directory for file creation on Unix systems and Android Ice Cream Sandwich. This security issue was disclosed in June 2023 and affects applications using the vulnerable Guava versions (NVD).

The vulnerability stems from insecure temporary file creation in the FileBackedOutputStream class, which uses Java's default temporary directory. This implementation allows other users and applications with access to the default Java temporary directory to access the files created by the class. The vulnerability has been assigned a CVSS v3.1 base score of 7.1 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N (NVD).

Successful exploitation of this vulnerability could lead to disclosure of sensitive information or addition and modification of data. The vulnerability affects local users and applications that have access to the default Java temporary directory, potentially compromising the confidentiality and integrity of temporary files created by the application (NetApp Security).

The vulnerability has been fixed in Guava version 32.0.1. While version 32.0.0 also contains the security fix, it is recommended to use version 32.0.1 as version 32.0.0 has known functionality issues under Windows. Organizations should upgrade to the latest version to address this security concern (NVD).