GHSA-jrmh-v64j-mjm9 – org.jboss.resteasy:resteasy-multipart-provider

Package

Manager: maven
Name: org.jboss.resteasy:resteasy-multipart-provider
Vulnerable Version: <0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: N/A

EPSS: N/A pctlN/A

Details

Duplicate Advisory: Insecure Temporary File in RESTEasy # Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2c6g-pfx3-w7h8. This link is maintained to preserve external references. # Original Description In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.

Metadata

Created: 2023-02-18T00:31:59Z
Modified: 2025-01-15T18:56:33Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/02/GHSA-jrmh-v64j-mjm9/GHSA-jrmh-v64j-mjm9.json
CWE IDs: ["CWE-378"]
Alternative ID: N/A
Finding: N/A
Auto approve: 0