Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1qcm1oLXY2NGotbWptOc4AAxuY

Insecure Temporary File in RESTEasy

RESTEasy uses the insecure File.createTempFile() in the DataSourceProvider, FileProvider and Mime4JWorkaround classes, which creates temporary files with insecure permissions that a local user could read.

Permalink: https://github.com/advisories/GHSA-jrmh-v64j-mjm9
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qcm1oLXY2NGotbWptOc4AAxuY
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 1 year ago
Updated: about 1 year ago


CVSS Score: 5.5
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Identifiers: GHSA-jrmh-v64j-mjm9, CVE-2023-0482
References: Repository: https://github.com/resteasy/resteasy
Blast Radius: 13.4

Affected Packages

maven:org.jboss.resteasy:resteasy-undertow
Dependent packages: 65
Dependent repositories: 269
Downloads:
Affected Version Ranges: <= 6.2.2.Final
No known fixed version
All affected versions: