CVE-2021-21430
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2021-21430
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-21430.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2021-21430
- Aliases
- Published
- 2021-05-10T20:15:07Z
- Modified
- 2024-10-12T06:30:51.484028Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Using
File.createTempFilein JDK will result in creating and using insecure temporary files that can leave application and system data vulnerable to attacks. Auto-generated code (Java, Scala) that deals with uploading or downloading binary data through API endpoints will create insecure temporary files during the process. Affected generators:java(jersey2, okhttp-gson (default library)),scala-finch. The issue has been patched withFiles.createTempFileand released in the v5.1.0 stable version. - References
Affected packages
Git / github.com/openapitools/openapi-generator
Affected ranges
- Type
- GIT
- Repo
- https://github.com/openapitools/openapi-generator
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
2.*
2.0.17
swagger-codegen_2.*
swagger-codegen_2.9.1-1.1
swagger-codegen_2.9.1-2.0.0
swagger-codegen_2.9.1-2.0.1
v2.*
v2.0.13
v2.0.18
v2.1.0-M1
v2.1.0-M2
v2.1.1-M1
v2.1.2
v2.1.2-M1
v2.1.3
v2.1.4
v2.1.5
v2.1.6
v2.2.0
v2.2.1
v2.2.2
v2.2.3
v2.3.0
v2.3.1
v3.*
v3.0.0
v3.0.1
v3.0.2
v3.0.3
v3.1.0
v3.1.1
v3.1.2
v3.2.0
v3.2.1
v3.2.2
v3.2.3
v3.3.0
v3.3.1
v3.3.2
v3.3.3
v3.3.4
v4.*
v4.0.0
v4.0.0-beta2
v4.0.0-beta3
v4.0.1
v4.0.2
v4.0.3
v4.1.0
v4.1.1
v4.1.2
v4.1.3
v4.2.0
v4.2.1
v4.2.2
v4.2.3
v4.3.0
v4.3.1
v5.*
v5.0.0
v5.0.0-beta
v5.0.0-beta2
v5.0.0-beta3
v5.0.1
v5.1.0