RestEasy Reactive implementation of Quarkus allows Creation of Temporary File With Insecure Permissions

In RestEasy Reactive implementation of Quarkus the insecure File.createTempFile() is used in the FileBodyHandler class which creates temp files with insecure permissions that could be read by a local user.

References

Published by the National Vulnerability Database Feb 24, 2023

Published to the GitHub Advisory Database Feb 24, 2023

Reviewed Feb 24, 2023

Last updated Nov 16, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Package

Affected versions

Patched versions

Description

References

Severity

CVSS overall score

CVSS v3 base metrics

CVSS v3 base metrics

EPSS score

Weaknesses

CVE ID

GHSA ID

Source code

Credits