GHSA-j75r-vf64-6rrh, CVE-2023-0481
maven/io.quarkus.resteasy.reactive/resteasy-reactive-common
Exposure of Resource to Wrong Sphere
In RestEasy Reactive implementation of Quarkus the insecure File.createTempFile() is used in the FileBodyHandler class which creates temp files with insecure permissions that could be read by a local user.
All versions before 3.0.0.alpha4
Upgrade to version 3.0.0.Alpha4 or above.
2023-11-17
source |