635 matches found
CVE-2021-21430 Creation of Temporary File in Directory with Insecure Permissions in auto-generated Java, Scala code
OpenAPI Generator allows generation of API client libraries SDK generation, server stubs, documentation and configuration automatically given an OpenAPI Spec. Using File.createTempFile in JDK will result in creating and using insecure temporary files that can leave application and system data...
CVE-2021-21430
OpenAPI Generator contains a vulnerability where code generated for Java/Scala performs insecure temporary file creation via File.createTempFile, risking exposure of application/data when handling binary uploads/downloads. Affected generators include Java (jersey2, okhttp-gson default) and scala-...
CVE-2021-21428
Openapi generator is a java tool which allows generation of API client libraries SDK generation, server stubs, documentation and configuration automatically given an OpenAPI Spec. openapi-generator-online creates insecure temporary folders with File.createTempFile during the code generation...
CVE-2021-21428
Openapi generator is a java tool which allows generation of API client libraries SDK generation, server stubs, documentation and configuration automatically given an OpenAPI Spec. openapi-generator-online creates insecure temporary folders with File.createTempFile during the code generation...
Design/Logic Flaw
Openapi generator is a java tool which allows generation of API client libraries SDK generation, server stubs, documentation and configuration automatically given an OpenAPI Spec. openapi-generator-online creates insecure temporary folders with File.createTempFile during the code generation...
CVE-2021-21428
CVE-2021-21428 affects the OpenAPI Generator project. The issue originates in the openapi-generator-online component, where temporary folders/files were created using File.createTempFile, allowing other users on the same system to read and potentially modify the auto-generated files. Root cause d...
CVE-2021-21428 Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI-Generator online generator
Openapi generator is a java tool which allows generation of API client libraries SDK generation, server stubs, documentation and configuration automatically given an OpenAPI Spec. openapi-generator-online creates insecure temporary folders with File.createTempFile during the code generation...
PT-2021-14500 · Unknown · Openapi-Generator-Online
Name of the Vulnerable Software and Affected Versions: openapi-generator-online versions prior to 5.1.0 Description: The openapi-generator-online tool creates insecure temporary folders during the code generation process, allowing any user on the system to read and append to the auto-generated...
Openapi generator 安全漏洞
openapi-generator is a software application. It provides an open API interface. A security vulnerability exists in Openapi generator. The vulnerability arises when the program creates insecure temporary directories that can be read and appended by any user on the system...
PT-2021-14502 · Unknown · Openapi Generator
Name of the Vulnerable Software and Affected Versions: OpenAPI Generator versions prior to 5.1.0 Description: The issue arises from the use of the JDK method File.createTempFile, which creates insecure temporary files that can leave application and system data vulnerable to attacks. Auto-generate...
OpenAPI Tools OpenAPI Generator 安全漏洞
OpenAPI Tools OpenAPI Generator is an OpenAPI generator. The product allows automatic generation of API client libraries SDK generation, server stubs, documentation, configuration, etc. for a given OpenAPI specification v2, v3. A security vulnerability exists in Openapi generator. The vulnerabili...
@aikosia/automaton (>=0.6.0 <=0.8.1), @aikosia/automaton-cli (>=0.2.1 <=0.3.5) +27 more potentially affected by CVE-2020-7718 via gammautils (>=0.0.2 <=0.0.81)
gammautils NPM version =0.0.2, =0.6.0, =0.2.1, =0.9.0, =0.1.5, =1.0.49, =9.0.0, =0.1.44, =0.1.22, =0.1.20, =1.0.1, =0.0.9, =0.0.7, =0.0.8 and more Source cves: CVE-2020-7718 Source advisory: OSV:GHSA-PGMG-GF5P-54J8...
CVE-2021-21429
OpenAPI Generator allows generation of API client libraries, server stubs, documentation and configuration automatically given an OpenAPI Spec. Using File.createTempFile in JDK will result in creating and using insecure temporary files that can leave application and system data vulnerable to...
app.keyconnect.api:keyconnect-api (=1.0.0), app.keyconnect:keyconnect-rippled-api (=1.0.0) +7 more potentially affected by CVE-2021-21429 via org.openapitools:openapi-generator-maven-plugin (>=3.0.2 <=5.0.0)
org.openapitools:openapi-generator-maven-plugin MAVEN version =3.0.2, =4.1, =4.1, =1.1, =1.0.0, =3.0, =0.1.4, =0.1.8 Source cves: CVE-2021-21429 Source advisory: OSV:GHSA-867Q-77CC-98MV...
Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI Generator Maven plugin
Impact Using File.createTempFile in JDK will result in creating and using insecure temporary files that can leave application and system data vulnerable to attacks. This vulnerability only impacts unix-like systems where the local system temporary directory is shared between all users. This...
GHSA-867Q-77CC-98MV Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI Generator Maven plugin
Impact Using File.createTempFile in JDK will result in creating and using insecure temporary files that can leave application and system data vulnerable to attacks. This vulnerability only impacts unix-like systems where the local system temporary directory is shared between all users. This...
Insecure Temporary File
org.openapitools, openapi-generator-maven-plugin uses insecure temporary file. The vulnerability exists due to the usage of the function File.createTempFile which allows an attacker can predict the name of the temporary file and potentially gain access to confidential information...
CVE-2021-21429
OpenAPI Generator allows generation of API client libraries, server stubs, documentation and configuration automatically given an OpenAPI Spec. Using File.createTempFile in JDK will result in creating and using insecure temporary files that can leave application and system data vulnerable to...
CVE-2021-21429
OpenAPI Generator allows generation of API client libraries, server stubs, documentation and configuration automatically given an OpenAPI Spec. Using File.createTempFile in JDK will result in creating and using insecure temporary files that can leave application and system data vulnerable to...
Design/Logic Flaw
OpenAPI Generator allows generation of API client libraries, server stubs, documentation and configuration automatically given an OpenAPI Spec. Using File.createTempFile in JDK will result in creating and using insecure temporary files that can leave application and system data vulnerable to...