Lucene search
+L

5 matches found

Github Security Blog
Github Security Blog
added 2021/05/11 12:5 a.m.65 views

Creation of Temporary File in Directory with Insecure Permissions in auto-generated Java, Scala code

Impact This vulnerability impacts generated code. If this code was generated as a one-off occasion, not as a part of an automated CI/CD process, this code will remain vulnerable until fixed manually! On Unix-Like systems, the system temporary directory is shared between all local users. When...

6.2CVSS0.3AI score0.00404EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2021/05/11 12:5 a.m.79 views

GHSA-CQXR-XF2W-943W Creation of Temporary File in Directory with Insecure Permissions in auto-generated Java, Scala code

Impact This vulnerability impacts generated code. If this code was generated as a one-off occasion, not as a part of an automated CI/CD process, this code will remain vulnerable until fixed manually! On Unix-Like systems, the system temporary directory is shared between all local users. When...

6.2CVSS5.9AI score0.00404EPSS
Exploits1References6
vulnersOsv
vulnersOsv
added 2021/03/11 3:9 a.m.11 views

ai.konduit.serving:konduit-serving-clients (>=0.0.2 <=0.3.0), ai.konduit.serving:konduit-serving-distro-bom (>=0.0.2 <=0.3.0) +195 more potentially affected by CVE-2021-21364 via io.swagger:swagger-codegen (>=2.1.1 <=2.4.18)

io.swagger:swagger-codegen MAVEN version =2.1.1, =0.0.2, =0.0.2, =0.1-1, =1.1, =0.1.13, =1.0.1, =1.1, =1.3, =0.12, =1.1.6, =1.1.7 and more Source cves: CVE-2021-21364 Source advisory: OSV:GHSA-HPV8-9RQ5-HQ7W...

5.5CVSS6.3AI score0.00282EPSS
Exploits0
Cvelist
Cvelist
added 2021/03/11 3:5 a.m.38 views

CVE-2021-21363 Generator Web Application: Local Privilege Escalation Vulnerability via System Temp Directory

swagger-codegen is an open-source project which contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition. In swagger-codegen before version 2.4.19, on Unix like systems, the system's temporary...

5.3CVSS6.6AI score0.00414EPSS
Exploits1References2
CVE
CVE
added 2021/03/11 3:5 a.m.121 views

CVE-2021-21364

CVE-2021-21364 affects the open-source project swagger-codegen. On Unix-like systems, prior to version 2.4.19, a shared system temporary directory allows a local attacker to observe or exploit the creation of temporary files/directories with default permissions, enabling potential data exposure o...

5.5CVSS5.3AI score0.00282EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder