OpenAPI Generator allows generation of API client libraries, server stubs, documentation and configuration automatically given an OpenAPI Spec. Using `File.createTempFile` in JDK will result in creating and using insecure temporary files that can leave application and system data vulnerable to attacks. OpenAPI Generator maven plug-in creates insecure temporary files during the process. The issue has been patched with `Files.createTempFile` and released in the v5.1.0 stable version.
References
Link | Resource |
---|---|
https://github.com/OpenAPITools/openapi-generator/pull/8795 | Patch Third Party Advisory |
https://github.com/OpenAPITools/openapi-generator/security/advisories/GHSA-867q-77cc-98mv | Patch Third Party Advisory |
Configurations
History
07 May 2021, 20:17
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 3.3 |
References | (CONFIRM) https://github.com/OpenAPITools/openapi-generator/security/advisories/GHSA-867q-77cc-98mv - Patch, Third Party Advisory | |
References | (MISC) https://github.com/OpenAPITools/openapi-generator/pull/8795 - Patch, Third Party Advisory | |
CPE | cpe:2.3:a:openapi-generator:openapi_generator:*:*:*:*:*:*:*:* |
27 Apr 2021, 20:47
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-04-27 20:15
Updated : 2023-12-10 13:55
NVD link : CVE-2021-21429
Mitre link : CVE-2021-21429
CVE.ORG link : CVE-2021-21429
JSON object : View
Products Affected
openapi-generator
- openapi_generator
CWE
CWE-552
Files or Directories Accessible to External Parties