CVE-2023-0481

Exposure of Resource to Wrong Sphere in maven/io.quarkus.resteasy.reactive/resteasy-reactive-common

Identifiers

GHSA-j75r-vf64-6rrh, CVE-2023-0481

Package Slug

maven/io.quarkus.resteasy.reactive/resteasy-reactive-common

Vulnerability

Exposure of Resource to Wrong Sphere

Description

In the RESTEasy Reactive implementation of Quarkus, the FileBodyHandler class uses the insecure File.createTempFile(), which creates temp files with insecure permissions that could be read by a local user.

Affected Versions

All versions before 3.0.0.alpha4

Solution

Upgrade to version 3.0.0.Alpha4 or above.

Last Modified

2023-11-17
