40 matches found

Prion
added 2023/01/12 5:15 a.m., 15 views

Session fixation

Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider function in StdTempFileProvider.java, which uses the permissive File.createTempFile function, exposing temporary file contents...

CVSS 1.7, AI score 5.4, EPSS 0.00068
Exploits 0, References 3, Affected Software 1

Vulnrichment
added 2023/01/12 5:0 a.m., 6 views

CVE-2022-24913

Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider function in StdTempFileProvider.java, which uses the permissive File.createTempFile function, exposing temporary file contents...

CVSS 5.5, AI score 7.1, EPSS 0.00068
Exploits 0, References 3

Github Security Blog
added 2022/11/28 10:9 p.m., 26 views

Temporary File Information Disclosure vulnerability in MPXJ

Impact: On Unix-like operating systems (not Windows or macOS), MPXJ's use of File.createTempFile.. results in temporary files being created with the permissions -rw-r--r--. This means that any other user on the system can read the contents of this file. When MPXJ is reading a type of schedule file...

CVSS 3.3, AI score 4.3, EPSS 0.00027
Exploits 0, References 6, Affected Software 5

Veracode
added 2021/05/11 6:6 a.m., 14 views

Information Disclosure

generator-maven-plugin is vulnerable to information disclosure. The use of the function File.createTempFile allows an attacker to predict the name of the temporary file and to gain access to the confidential information...

CVSS 6.2, AI score 3.3, EPSS 0.00068
Exploits 1, References 3, Affected Software 1

OSV
added 2021/05/10 8:15 p.m., 16 views

CVE-2021-21430

OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Using File.createTempFile in JDK will result in creating and using insecure temporary files that can leave application and system data...

CVSS 5.5, AI score 7
Exploits 0, References 3

CVE
added 2021/05/10 7:25 p.m., 106 views

CVE-2021-21430

OpenAPI Generator contains a vulnerability where code generated for Java/Scala performs insecure temporary file creation via File.createTempFile, risking exposure of application/data when handling binary uploads/downloads. Affected generators include Java (jersey2, okhttp-gson default) and scala-...

CVSS 6.2, AI score 5.7, EPSS 0.00068
Exploits 1, References 3, Affected Software 1

OSV
added 2021/05/10 7:15 p.m., 25 views

CVE-2021-21428

OpenAPI Generator is a Java tool which allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. openapi-generator-online creates insecure temporary folders with File.createTempFile during the code generation...

CVSS 7, AI score 6.8
Exploits 0, References 2

Github Security Blog
added 2021/04/29 9:51 p.m., 107 views

Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI Generator Maven plugin

Impact: Using File.createTempFile in JDK will result in creating and using insecure temporary files that can leave application and system data vulnerable to attacks. This vulnerability only impacts unix-like systems where the local system temporary directory is shared between all users. This...

CVSS 4, AI score 1.3, EPSS 0.00053
Exploits 0, References 5, Affected Software 1

Veracode
added 2021/04/28 1:55 a.m., 25 views

Insecure Temporary File

org.openapitools, openapi-generator-maven-plugin uses an insecure temporary file. The vulnerability exists due to the usage of the function File.createTempFile, which allows an attacker to predict the name of the temporary file and potentially gain access to confidential information...

CVSS 4, AI score 3.4, EPSS 0.00053
Exploits 0, References 3, Affected Software 1

OSV
added 2021/04/27 8:15 p.m., 19 views

CVE-2021-21429

OpenAPI Generator allows generation of API client libraries, server stubs, documentation and configuration automatically given an OpenAPI Spec. Using File.createTempFile in JDK will result in creating and using insecure temporary files that can leave application and system data vulnerable to...

CVSS 3.3, AI score 3.9
Exploits 0, References 2

Prion
added 2021/04/22 6:15 p.m., 20 views

Information disclosure

Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains a local information disclosure vulnerability. This is due to the use of the File.createTempFile which creates a file inside of the system temporary directory with the permissions: -rw-r--r--. Thus the contents of this file are...

CVSS 2.1, AI score 6.7, EPSS 0.00191
Exploits 0, References 19, Affected Software 3

CVE
added 2021/04/22 5:35 p.m., 165 views

CVE-2021-28168

CVE-2021-28168 affects Eclipse Jersey 2.28–2.33 and 3.0.0–3.0.1, where File.createTempFile creates a world-readable file in the system temp directory (-rw-r--r--). Local attackers could view sensitive contents. The connected IBM PEM advisory confirms disclosure risk and notes fixes via updated Je...

CVSS 6.2, AI score 6.3, EPSS 0.00191
Exploits 0, References 19, Affected Software 1

NVD
added 2021/03/23 9:15 p.m., 9 views

CVE-2021-28100

Priam uses File.createTempFile, which gives the permissions on that file -rw-r--r--. An attacker with read access to the local filesystem can read anything written there by the Priam process...

CVSS 5.5, EPSS 0.00044
Exploits 0, References 1

CVE
added 2021/03/23 8:26 p.m., 88 views

CVE-2021-28100

Summary: Priam creates temporary files with permissions -rw-r--r-- via File.createTempFile, enabling a local attacker with read access to view contents written by Priam. The discloseable data could reside in files created during backup/restore processes. Affected locations include MetaData.java, ...

CVSS 5.5, AI score 5.2, EPSS 0.00044
Exploits 0, References 1, Affected Software 1

Veracode
added 2021/03/12 2:5 a.m., 17 views

Privilege Escalation

swagger-generator is vulnerable to privilege escalation. The use of method File.createTempFile allows an attacker to append the contents of the outputFolder, thereby leading to an execution of attacker controlled code if the code is written to this directory...

CVSS 7, AI score 4.1, EPSS 0.00044
Exploits 1, References 2, Affected Software 1

Tenable Nessus
added 2014/06/13 12:0 a.m., 30 views

openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2012:0828-1)

This version upgrade of java-160-openjdk fixes multiple security flaws : - S7079902, CVE-2012-1711: Refine CORBA data models - S7143606, CVE-2012-1717: File.createTempFile should be improved for temporary files created by the platform. - S7143614, CVE-2012-1716: SynthLookAndFeel stability...

CVSS 10, AI score 8, EPSS 0.94083
Exploits 9, References 11

Tenable Nessus
added 2013/01/25 12:0 a.m., 35 views

SuSE 11.1 Security Update : java-1_6_0-openjdk (SAT Patch Number 6437)

java-160-openjdk was updated to the IcedTea 1.11.3 release, fixing multiple security issues : - S7079902, CVE-2012-1711: Refine CORBA data models - S7143606, CVE-2012-1717: File.createTempFile should be improved for temporary files created by the platform. - S7143614, CVE-2012-1716:...

CVSS 10, AI score 8, EPSS 0.94083
Exploits 9, References 19

Tenable Nessus
added 2012/06/18 12:0 a.m., 36 views

Fedora 16 : java-1.6.0-openjdk-1.6.0.0-67.1.11.3.fc16 (2012-9545)

Security fixes: S7079902, CVE-2012-1711: Refine CORBA data models; S7110720: Issue with vm config file loading; S7143606, CVE-2012-1717: File.createTempFile should be improved for temporary files created by the platform; S7143614, CVE-2012-1716: SynthLookAndFeel...

CVSS 10, AI score 8, EPSS 0.94083
Exploits 9, References 1

Tenable Nessus
added 2012/06/18 12:0 a.m., 43 views

Fedora 16 : java-1.7.0-openjdk-1.7.0.3-2.2.1.fc16.7 (2012-9593)

S7079902, CVE-2012-1711: Refine CORBA data models; S7110720: Issue with vm config file loading; S7143606, CVE-2012-1717: File.createTempFile should be improved for temporary files created by the platform; S7143614, CVE-2012-1716: SynthLookAndFeel stability improveme...

CVSS 10, AI score 8, EPSS 0.94083
Exploits 9, References 1

Tenable Nessus
added 2009/07/21 12:0 a.m., 250 views

openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-578)

OpenJDK Java 1.6.0 was upgraded to build b14, fixing quite a lot of security issues. It fixes at least: 4486841 UTF8 decoder should adhere to corrigendum to Unicode 3.0.1 CVE-2008-5351; 6484091 FileSystemView leaks directory info CVE-2008-5350 aka SUN SOLVE 246266; 6497740 Limit the size of RSA...

CVSS 10, AI score 7.6, EPSS 0.89535
Exploits 23, References 14