{"id":"CVE-2021-22571","details":"A local attacker could read files from some other users' SA360 reports stored in the /tmp folder during staging process before the files are loaded in BigQuery. We recommend upgrading to version 1.0.3 or above.","modified":"2026-04-11T23:34:05.439701Z","published":"2022-03-18T11:15:07.777Z","related":["GHSA-7fjx-657r-9r5h"],"references":[{"type":"ADVISORY","url":"https://github.com/google/sa360-webquery-bigquery/releases/tag/v1.0.3"},{"type":"ADVISORY","url":"https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-7fjx-657r-9r5h"},{"type":"FIX","url":"https://github.com/google/sa360-webquery-bigquery/pull/15"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/google/sa360-webquery-bigquery","events":[{"introduced":"0"},{"fixed":"4926b5bf0e4be88f7a09badd145c50fa8a95e1cc"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.0.3"}]}}],"versions":["v0.1","v0.2","v1.0.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22571.json","vanir_signatures":[{"deprecated":false,"source":"https://github.com/google/sa360-webquery-bigquery/commit/4926b5bf0e4be88f7a09badd145c50fa8a95e1cc","id":"CVE-2021-22571-45800c44","target":{"file":"src/main/java/dswebquerytobigquery/Main.java"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["159168638336595708721673154875773726278","325862149686336641066736032358078015162","153997658848380419623054303846804581495","73040174286736684587523496137088279328","208394726691086455373502737262303465484","278576907254373107932816751855259969481","114241137384728991703316343360038406136","267848868928445095158001591048562077614","137832884837399626293965181156234492083","42238055403682909261988444147055137636","230975187409002805076182347538291262060","11941321835198631075197052936450207732"]},"signature_version":"v1"},{"deprecated":false,"source":"https://github.com/google/sa360-webquery-bigquery/commit/4926b5bf0e4be88f7a09badd145c50fa8a95e1cc","id":"CVE-2021-22571-784c3cf6","target":{"file":"src/main/java/dswebquerytobigquery/TransferRunner.java","function":"TransferRunner"},"signature_type":"Function","digest":{"length":162,"function_hash":"135611794718721112311748151606158646101"},"signature_version":"v1"},{"deprecated":false,"source":"https://github.com/google/sa360-webquery-bigquery/commit/4926b5bf0e4be88f7a09badd145c50fa8a95e1cc","id":"CVE-2021-22571-8eb11076","target":{"file":"src/main/java/dswebquerytobigquery/TransferRunner.java","function":"run"},"signature_type":"Function","digest":{"length":1311,"function_hash":"97429710028705945533296901904430370465"},"signature_version":"v1"},{"deprecated":false,"source":"https://github.com/google/sa360-webquery-bigquery/commit/4926b5bf0e4be88f7a09badd145c50fa8a95e1cc","id":"CVE-2021-22571-97aa33b5","target":{"file":"src/main/java/dswebquerytobigquery/Main.java","function":"main"},"signature_type":"Function","digest":{"length":687,"function_hash":"182125959561409364713516380644603386270"},"signature_version":"v1"},{"deprecated":false,"source":"https://github.com/google/sa360-webquery-bigquery/commit/4926b5bf0e4be88f7a09badd145c50fa8a95e1cc","id":"CVE-2021-22571-fa11eed3","target":{"file":"src/main/java/dswebquerytobigquery/TransferRunner.java"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["318320062275178695278933701144249268656","105750597585811656728482082562277981857","4044131017339525432162855424823860300","44897098811698679539363408748848799286","174715753745570461015657476997824348169","178581862103175343347412501375614327065","323317280225428632582488061576270970098","297956664326427619179052054608006383131","61935944256222034621709125341043632274","323836396457851028762472904314877956123","153114265587102687063316139515233538916","232737507143000513043711656228690070641","112459117389989427492872584856367214889","329941869044146715245756984436181910476","258565256580185795782653585982251292727","184943277673368324452055819539122688524","133985783513079861936935259837724778544","31107384804703130808215765040103550445","124385158008261504799333227580394576306","326156123718408573388646447638858612042","209189443765475584120392518436756884736","319187878347726663049751883222624773055","54369672108725319673321875699180672576","120413977487425044305844581316708140906","304758359063141318176708060025641086186","232215224164557378313543506403250821816"]},"signature_version":"v1"}],"vanir_signatures_modified":"2026-04-11T23:34:05Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}