datadog-api-client is vulnerable to information disclosure. The vulnerability exists through the function prepareDownloadFile
creating a temporary file with the permissions bits of -rw-r--r--
and the function downloadFileFromResponse
method downloading sensitive files into temporary directory shared between all local users on unix-like systems via the API using API client.
CPE | Name | Operator | Version |
---|---|---|---|
datadog-api-client | le | 1.0.0-beta.7 |