Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Creation of Temporary File in Directory with Insecure Permissions in auto-generated Java, Scala code
Vulnerability Description
OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Using `File.createTempFile` in JDK will result in creating and using insecure temporary files that can leave application and system data vulnerable to attacks. Auto-generated code (Java, Scala) that deals with uploading or downloading binary data through API endpoints will create insecure temporary files during the process. Affected generators: `java` (jersey2, okhttp-gson (default library)), `scala-finch`. The issue has been patched with `Files.createTempFile` and released in the v5.1.0 stable version.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
特权管理不恰当
Vulnerability Title
OpenAPI Tools OpenAPI Generator 安全漏洞
Vulnerability Description
OpenAPI Tools OpenAPI Generator是一款OpenAPI生成器。该产品允许在给定OpenAPI规范(v2,v3)的情况下自动生成API客户端库(SDK生成),服务器存根,文档和配置等。 Openapi generator 存在安全漏洞。该漏洞源于程序在创建不安全的临时目录时,这些临时文件可能会使应用程序和系统数据容易受到攻击。
CVSS Information
N/A
Vulnerability Type
N/A