PT-2021-10101 · Unknown+1 · Html/Java Api+1

Published: 2021-01-11 · Updated: 2022-02-09 · CVE-2020-17534

CVSS v3.1: 7.0 High

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: HTML/Java API versions 1.7 through 1.7
Description: A race condition exists between the deletion of the temporary file and the creation of the temporary directory in the webkit subproject. A similar issue has been disclosed in other Java projects. The fix creates the temporary directory atomically, without going through the temporary file, to avoid local privilege escalation.
Recommendations: For HTML/Java API versions 1.7 through 1.7, update to version 1.7.1 to resolve the issue. As a temporary workaround, consider restricting access to the webkit subproject until the update is applied.
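
The pattern described above next to its atomic replacement, as an added Java example. It is not code from the affected project, and the class and method names are hypothetical.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.Path;

// Hypothetical class and method names; illustrates the pattern, not the project's code.
public class TempDirExample {

    // Racy pattern: a temp file reserves a unique name, is deleted, and a
    // directory is created at the same path. Between delete() and mkdir() the
    // name is free again in the shared temp location, so the caller cannot be
    // sure that the directory it ends up using is the one it created.
    static File createTempDirRacy(String prefix) throws IOException {
        File f = File.createTempFile(prefix, "");
        f.delete();   // name released here
        f.mkdir();    // result unchecked: returns false if the path already exists
        return f;
    }

    // Atomic replacement: one call picks the name and creates the directory,
    // and it never adopts a path that already exists. On POSIX file systems
    // the default permissions are owner-only (rwx------).
    static Path createTempDirAtomic(String prefix) throws IOException {
        return Files.createTempDirectory(prefix);
    }

    public static void main(String[] args) throws IOException {
        File racy = createTempDirRacy("example-");
        Path safe = createTempDirAtomic("example-");
        System.out.println("racy:   " + racy + " isDirectory=" + racy.isDirectory());
        System.out.println("atomic: " + safe + " isDirectory=" + Files.isDirectory(safe));
        if (FileSystems.getDefault().supportedFileAttributeViews().contains("posix")) {
            System.out.println("racy perms:   " + Files.getPosixFilePermissions(racy.toPath()));
            System.out.println("atomic perms: " + Files.getPosixFilePermissions(safe));
        }
        // Remove the constructed sample directories.
        Files.deleteIfExists(racy.toPath());
        Files.deleteIfExists(safe);
    }
}
```

When auditing other code for the same weakness, `File.createTempFile` followed by `delete()` and `mkdir()` or `mkdirs()` on the same `File` is the sequence to search for.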

Fix

Race Condition

Weakness Enumeration

Related Identifiers

CVE-2020-17534
GHSA-PPC3-FPVH-7396

Affected Products

Html/Java Api
Webkit