logo

Database

Insecure temporary files In io.quarkus.resteasy.reactive:resteasy-reactive-common-parent

Description

RestEasy Reactive implementation of Quarkus allows Creation of Temporary File With Insecure Permissions In RestEasy Reactive implementation of Quarkus the insecure File.createTempFile() is used in the FileBodyHandler class which creates temp files with insecure permissions that could be read by a local user.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2023-04812. NVD-2023-04813. OSV-2023-04814. GHSA-j75r-vf64-6rrh5. GCVE-2023-0481

References

1. https://github.com/quarkusio/quarkus/pull/306942. https://github.com/quarkusio/quarkus/commit/95d5904f7cf18c8165b97d8ca03b203d7f69c17e

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.

FLAT-BBRS7 – Vulnerability | Fluid Attacks Database