Is CVE-2020-8908 actively exploited?

CVE-2020-8908 has no public evidence of in-the-wild exploitation as of 2026-02-23.

What is the CVSS score for CVE-2020-8908?

CVE-2020-8908 has a CVSS score of 3.3 (LOW severity). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N.

How do I patch CVE-2020-8908?

Patch guidance is available from google security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2020-8908.

CVE-2020-8908 - remediation guidance & executive summary

Q: Which products are affected by CVE-2020-8908?

23 products: google guava, quarkus quarkus, oracle commerce guided search, oracle communications cloud native core network slice selection function, oracle communications pricing design center, and 18 more.

Description

A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured.

CVSS Metrics

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector: local
Complexity: low
Privileges: low
User Action: none
Scope: unchanged
Confidentiality: low
Integrity: none
Availability: none
Weaknesses: CWE-378 CWE-732 · Incorrect Permission Assignment

Metadata

Primary Vendor: GOOGLE
Published: 12/10/2020
Last Modified: 2/23/2026
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

google : guavaquarkus : quarkusoracle : commerce_guided_searchoracle : communications_cloud_native_core_network_slice_selection_functionoracle : communications_pricing_design_centeroracle : communications_pricing_design_centeroracle : data_integratororacle : data_integratororacle : nosql_databaseoracle : peoplesoft_enterprise_peopletoolsoracle : peoplesoft_enterprise_peopletoolsoracle : peoplesoft_enterprise_peopletoolsoracle : retail_customer_management_and_segmentation_foundationoracle : weblogic_serveroracle : communications_cloud_native_core_network_repository_functionoracle : primavera_unifieroracle : primavera_unifieroracle : primavera_unifieroracle : primavera_unifieroracle : primavera_unifiernetapp : active_iq_unified_managernetapp : active_iq_unified_managernetapp : active_iq_unified_manager

Remediation Guidance

Executive Summary

View on NIST NVD