Google · Guava · CVE-2024-22236
**Name of the Vulnerable Software and Affected Versions**
Spring Cloud Contract versions 3.1.x prior to 3.1.10
Spring Cloud Contract versions 4.0.x prior to 4.0.5
Spring Cloud Contract versions 4.1.x prior to 4.1.1
**Description**
Test execution is exposed to local information disclosure: the shaded com.google.guava:guava dependency inside the org.springframework.cloud:spring-cloud-contract-shade dependency creates a temporary directory with unsafe permissions. The issue affects test execution in the Spring Cloud Contract versions listed above.
**Recommendations**
For versions 3.1.x prior to 3.1.10, update to version 3.1.10 or later.
For versions 4.0.x prior to 4.0.5, update to version 4.0.5 or later.
For versions 4.1.x prior to 4.1.1, update to version 4.1.1 or later.
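
The following is an added example, not part of the advisory or of Spring Cloud Contract: a check that scans Maven `mvn dependency:tree` output for the spring-cloud-contract-shade artifact and classifies each version against the ranges above. The function names and the sample output are constructed for illustration; version qualifiers such as `-SNAPSHOT` are ignored as a simplifying assumption.

```python
import re

# Release line -> first fixed version, taken from the advisory text above.
FIXED_IN = {(3, 1): (3, 1, 10), (4, 0): (4, 0, 5), (4, 1): (4, 1, 1)}

ARTIFACT = "org.springframework.cloud:spring-cloud-contract-shade"
# Maven prints group:artifact:packaging[:classifier]:version:scope.
# Packaging and classifier start with a letter, the version with a digit.
COORD = re.compile(re.escape(ARTIFACT) + r":(?:[A-Za-z][\w-]*:)*?(\d[^:\s]*)")


def classify(version):
    """Return (status, fixed_version) for one version string (hypothetical helper)."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        return ("unparsed", None)
    # Compare numerically: as strings, "3.1.9" would sort after "3.1.10".
    v = tuple(int(part) for part in m.groups())
    fixed = FIXED_IN.get(v[:2])
    if fixed is None:
        # The advisory does not list this release line; report it, do not call it safe.
        return ("unlisted", None)
    if v < fixed:
        return ("affected", ".".join(str(n) for n in fixed))
    return ("fixed", None)


def scan_dependency_tree(text):
    """Return [(version, status, fixed_version)] for each shade artifact found."""
    findings = []
    for line in text.splitlines():
        m = COORD.search(line)
        if m:
            findings.append((m.group(1),) + classify(m.group(1)))
    return findings


# Constructed sample of `mvn dependency:tree` output, not from a real project.
SAMPLE = r"""
[INFO] com.example:demo:jar:0.0.1-SNAPSHOT
[INFO] +- org.springframework.cloud:spring-cloud-starter-contract-verifier:jar:4.0.4:test
[INFO] |  +- org.springframework.cloud:spring-cloud-contract-shade:jar:4.0.4:test
[INFO] +- org.springframework.cloud:spring-cloud-contract-shade:jar:3.1.10:test
[INFO] \- org.springframework.cloud:spring-cloud-contract-shade:jar:4.1.0:test
"""

if __name__ == "__main__":
    for version, status, fix in scan_dependency_tree(SAMPLE):
        print(version, status, f"-> update to {fix} or later" if fix else "")
```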