Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI Generator Maven plugin

OpenAPI Generator allows generation of API client libraries, server stubs, documentation and configuration automatically given an OpenAPI Spec. Using `File.createTempFile` in JDK will result in creating and using insecure temporary files that can leave application and system data vulnerable to attacks. OpenAPI Generator maven plug-in creates insecure temporary files during the process. The issue has been patched with `Files.createTempFile` and released in the v5.1.0 stable version.

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

对外部实体的文件或目录可访问

OpenAPI Generator 安全漏洞

OpenAPI Tools OpenAPI Generator是一款OpenAPI生成器。该产品允许在给定OpenAPI规范（v2，v3）的情况下自动生成API客户端库（SDK生成），服务器存根，文档和配置等。 OpenAPI Generator v5.1.0 存在安全漏洞，该漏洞源于OpenAPI Generator maven插件会创建不安全的临时文件。

N/A

N/A