CVE-2023-0482: Insecure Temporary File in RESTEasy

February 18, 2023

In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.

References

github.com/advisories/GHSA-jrmh-v64j-mjm9
github.com/resteasy/resteasy/pull/3409/commits/807d7456f2137cde8ef7c316707211bf4e542d56
issues.redhat.com/browse/RESTEASY-3286
nvd.nist.gov/vuln/detail/CVE-2023-0482

Detect and mitigate CVE-2023-0482 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →