CVE-2021-21429

Published: Apr 27, 2021Modified: Nov 21, 2024

3.3

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 1.8 / Impact: 1.4

Source: NVD

Description

OpenAPI Generator allows generation of API client libraries, server stubs, documentation and configuration automatically given an OpenAPI Spec. Using `File.createTempFile` in JDK will result in creating and using insecure temporary files that can leave application and system data vulnerable to attacks. OpenAPI Generator maven plug-in creates insecure temporary files during the process. The issue has been patched with `Files.createTempFile` and released in the v5.1.0 stable version.

Affected (1)

Products: Openapi Generator: Openapi Generator

Openapi Generator

1 product

Openapi Generator

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Openapi Generator Openapi Generator	Before 5.1.0

Related CWEs

Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

References (4)

https://github.com/OpenAPITools/openapi-generator/pull/8795

Source: security-advisories@github.com

PatchThird Party Advisory

https://github.com/OpenAPITools/openapi-generator/security/advisories/GHSA-867q-77cc-98mv

Source: security-advisories@github.com

PatchThird Party Advisory

https://github.com/OpenAPITools/openapi-generator/pull/8795

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/OpenAPITools/openapi-generator/security/advisories/GHSA-867q-77cc-98mv

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.