89 matches found
Creation of Temporary File in Directory with Insecure Permissions in auto-generated Java, Scala code
Impact This vulnerability impacts generated code. If this code was generated as a one-off occasion, not as a part of an automated CI/CD process, this code will remain vulnerable until fixed manually! On Unix-Like systems, the system temporary directory is shared between all local users. When...
Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI-Generator online generator
Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. This...
CVE-2021-21430
OpenAPI Generator allows generation of API client libraries SDK generation, server stubs, documentation and configuration automatically given an OpenAPI Spec. Using File.createTempFile in JDK will result in creating and using insecure temporary files that can leave application and system data...
CVE-2021-21430
OpenAPI Generator allows generation of API client libraries SDK generation, server stubs, documentation and configuration automatically given an OpenAPI Spec. Using File.createTempFile in JDK will result in creating and using insecure temporary files that can leave application and system data...
Design/Logic Flaw
OpenAPI Generator allows generation of API client libraries SDK generation, server stubs, documentation and configuration automatically given an OpenAPI Spec. Using File.createTempFile in JDK will result in creating and using insecure temporary files that can leave application and system data...
CVE-2021-21430
OpenAPI Generator contains a vulnerability where code generated for Java/Scala performs insecure temporary file creation via File.createTempFile, risking exposure of application/data when handling binary uploads/downloads. Affected generators include Java (jersey2, okhttp-gson default) and scala-...
CVE-2021-21428
Openapi generator is a java tool which allows generation of API client libraries SDK generation, server stubs, documentation and configuration automatically given an OpenAPI Spec. openapi-generator-online creates insecure temporary folders with File.createTempFile during the code generation...
CVE-2021-21428
Openapi generator is a java tool which allows generation of API client libraries SDK generation, server stubs, documentation and configuration automatically given an OpenAPI Spec. openapi-generator-online creates insecure temporary folders with File.createTempFile during the code generation...
Design/Logic Flaw
Openapi generator is a java tool which allows generation of API client libraries SDK generation, server stubs, documentation and configuration automatically given an OpenAPI Spec. openapi-generator-online creates insecure temporary folders with File.createTempFile during the code generation...
CVE-2021-21428 Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI-Generator online generator
Openapi generator is a java tool which allows generation of API client libraries SDK generation, server stubs, documentation and configuration automatically given an OpenAPI Spec. openapi-generator-online creates insecure temporary folders with File.createTempFile during the code generation...
Openapi generator 安全漏洞
openapi-generator is a software application. It provides an open API interface. A security vulnerability exists in Openapi generator. The vulnerability arises when the program creates insecure temporary directories that can be read and appended by any user on the system...
PT-2021-14500 · Unknown · Openapi-Generator-Online
Name of the Vulnerable Software and Affected Versions: openapi-generator-online versions prior to 5.1.0 Description: The openapi-generator-online tool creates insecure temporary folders during the code generation process, allowing any user on the system to read and append to the auto-generated...
PT-2021-14502 · Unknown · Openapi Generator
Name of the Vulnerable Software and Affected Versions: OpenAPI Generator versions prior to 5.1.0 Description: The issue arises from the use of the JDK method File.createTempFile, which creates insecure temporary files that can leave application and system data vulnerable to attacks. Auto-generate...
OpenAPI Tools OpenAPI Generator 安全漏洞
OpenAPI Tools OpenAPI Generator is an OpenAPI generator. The product allows automatic generation of API client libraries SDK generation, server stubs, documentation, configuration, etc. for a given OpenAPI specification v2, v3. A security vulnerability exists in Openapi generator. The vulnerabili...
CVE-2021-21429
OpenAPI Generator allows generation of API client libraries, server stubs, documentation and configuration automatically given an OpenAPI Spec. Using File.createTempFile in JDK will result in creating and using insecure temporary files that can leave application and system data vulnerable to...
app.keyconnect.api:keyconnect-api (=1.0.0), app.keyconnect:keyconnect-rippled-api (=1.0.0) +7 more potentially affected by CVE-2021-21429 via org.openapitools:openapi-generator-maven-plugin (>=3.0.2 <=5.0.0)
org.openapitools:openapi-generator-maven-plugin MAVEN version =3.0.2, =4.1, =4.1, =1.1, =1.0.0, =3.0, =0.1.4, =0.1.8 Source cves: CVE-2021-21429 Source advisory: OSV:GHSA-867Q-77CC-98MV...
Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI Generator Maven plugin
Impact Using File.createTempFile in JDK will result in creating and using insecure temporary files that can leave application and system data vulnerable to attacks. This vulnerability only impacts unix-like systems where the local system temporary directory is shared between all users. This...
GHSA-867Q-77CC-98MV Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI Generator Maven plugin
Impact Using File.createTempFile in JDK will result in creating and using insecure temporary files that can leave application and system data vulnerable to attacks. This vulnerability only impacts unix-like systems where the local system temporary directory is shared between all users. This...
Insecure Temporary File
org.openapitools, openapi-generator-maven-plugin uses insecure temporary file. The vulnerability exists due to the usage of the function File.createTempFile which allows an attacker can predict the name of the temporary file and potentially gain access to confidential information...
CVE-2021-21429
OpenAPI Generator allows generation of API client libraries, server stubs, documentation and configuration automatically given an OpenAPI Spec. Using File.createTempFile in JDK will result in creating and using insecure temporary files that can leave application and system data vulnerable to...