Insecure Temporary File Affecting org.openapitools:openapi-generator-maven-plugin package, versions [,5.1.0)
Snyk CVSS
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JAVA-ORGOPENAPITOOLS-1277191
- published 28 Apr 2021
- disclosed 28 Apr 2021
- credit Jonathan Leitschuh
How to fix?
Upgrade org.openapitools:openapi-generator-maven-plugin to version 5.1.0 or higher.
Overview
org.openapitools:openapi-generator-maven-plugin is an It allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec (v2, v3)
Affected versions of this package are vulnerable to Insecure Temporary File. Using File.createTempFile in JDK results in creating and using insecure temporary files that can leave application and system data vulnerable to attacks.
Note: Only impacts unix-like systems where the local system temporary directory is shared between all users. Does not impact Windows or modern versions of MacOS.