CVE-2023-0482: Insecure Temporary File in RESTEasy
(updated )
In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.
References
- github.com/advisories/GHSA-jrmh-v64j-mjm9
- github.com/orgs/resteasy/discussions/3415
- github.com/orgs/resteasy/discussions/3504
- github.com/orgs/resteasy/discussions/3506
- github.com/resteasy/Resteasy
- github.com/resteasy/resteasy/pull/3409/commits/807d7456f2137cde8ef7c316707211bf4e542d56
- issues.redhat.com/browse/RESTEASY-3286
- nvd.nist.gov/vuln/detail/CVE-2023-0482
- security.netapp.com/advisory/ntap-20230427-0001
Code Behaviors & Features
Detect and mitigate CVE-2023-0482 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →