Описание
In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| resteasy | unfixed | package | ||
| resteasy3.0 | unfixed | package | ||
| resteasy3.0 | ignored | trixie | package | |
| resteasy3.0 | ignored | bookworm | package | |
| resteasy3.0 | no-dsa | bullseye | package | |
| resteasy3.0 | no-dsa | buster | package |
Примечания
https://github.com/resteasy/resteasy/pull/3409/
https://github.com/resteasy/resteasy/commit/3d8a551d80b98f185edaff6f895188ec8211366b
EPSS
Связанные уязвимости
In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.
In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.
In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.
Уязвимость программного средства RESTEasy, связанная с cозданием временных файлов с небезопасными разрешениями, позволяющая нарушителю получить доступ к конфиденциальной информации
EPSS