Описание
In RestEasy Reactive implementation of Quarkus the insecure File.createTempFile() is used in the FileBodyHandler class which creates temp files with insecure permissions that could be read by a local user.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.16.1 (исключая)
cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*
EPSS
Процентиль: 12%
0.0004
Низкий
3.3 Low
CVSS3
Дефекты
CWE-378
CWE-668
Связанные уязвимости
CVSS3: 5.3
redhat
около 3 лет назад
In RestEasy Reactive implementation of Quarkus the insecure File.createTempFile() is used in the FileBodyHandler class which creates temp files with insecure permissions that could be read by a local user.
CVSS3: 3.3
github
почти 3 года назад
RestEasy Reactive implementation of Quarkus allows Creation of Temporary File With Insecure Permissions
EPSS
Процентиль: 12%
0.0004
Низкий
3.3 Low
CVSS3
Дефекты
CWE-378
CWE-668