SNYK-JAVA-JUNIT-1017047
## Overview

[junit:junit](https://mvnrepository.com/artifact/junit/junit) is a unit testing framework for Java.

Affected versions of this package are vulnerable to Information Exposure. The JUnit4 test rule `TemporaryFolder` contains a local information disclosure vulnerability. On Unix-like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system.

*Note:* This vulnerability does not allow other users to overwrite the contents of these directories or files. This only affects Unix-like systems.

## Remediation

Upgrade `junit:junit` to version 4.13.1 or higher.

## References

- [GitHub Commit](https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae)
- [POC: GitHub Advisory](https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp)
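The exposure described in the Overview can be checked directly. The Java program below is an added example, not code from JUnit or from this advisory: it creates one temporary directory through the legacy `java.io.File` calls, whose mode follows the process umask, and one with an explicit owner-only mode, then reports whether group or other users hold any permission on each. The class and method names are hypothetical, and the legacy pattern is an assumed stand-in for pre-fix behaviour, not a copy of `TemporaryFolder`.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Set;

public class TempDirPermissions {
    // Legacy java.io pattern: the mode is 0777 masked by the process umask,
    // so with a common 022 umask the directory ends up rwxr-xr-x.
    static Path legacyTempDir() throws IOException {
        File f = File.createTempFile("junit", "");
        if (!f.delete() || !f.mkdir()) {
            throw new IOException("could not create " + f);
        }
        return f.toPath();
    }

    // NIO pattern with an explicit owner-only mode (rwx------).
    static Path ownerOnlyTempDir() throws IOException {
        FileAttribute<Set<PosixFilePermission>> ownerOnly =
            PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rwx------"));
        return Files.createTempDirectory("junit", ownerOnly);
    }

    // True if group or others hold any permission bit on the path.
    static boolean exposedToOtherUsers(Path p) throws IOException {
        for (PosixFilePermission perm : Files.getPosixFilePermissions(p)) {
            if (perm.name().startsWith("GROUP_") || perm.name().startsWith("OTHERS_")) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws IOException {
        // The advisory applies to Unix-like systems only; skip elsewhere.
        if (!FileSystems.getDefault().supportedFileAttributeViews().contains("posix")) {
            System.out.println("No POSIX permissions on this file system; nothing to check.");
            return;
        }
        for (Path p : new Path[] { legacyTempDir(), ownerOnlyTempDir() }) {
            String mode = PosixFilePermissions.toString(Files.getPosixFilePermissions(p));
            System.out.println(p + " " + mode + " exposed=" + exposedToOtherUsers(p));
            Files.delete(p); // clean up the constructed sample directory
        }
    }
}
```

The result for the legacy directory depends on the umask of the process running the tests, so the same check run under a build agent's account shows what that environment actually produces.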
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| | | 0, 4.7 |
Timeline
- Oct 12, 2020 CVE Updated
- Oct 13, 2020 CVE Published
References
- https://security.snyk.io/vuln/SNYK-JAVA-JUNIT-1017047 advisory
- https://learn.snyk.io/lesson/sensitive-information-disclosure-llm/ technical
- https://mvnrepository.com/artifact/junit/junit technical
- https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae patch
- https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp advisory