CGA-77c7-2245-fqh7

Published

Last updated

https://images.chainguard.dev/security/CGA-77c7-2245-fqh7

Package

management-api-for-apache-cassandra

RepositoryWolfi

Latest Update

Under investigation

Aliases

Severity

Unknown

Summary

Insecure Temporary File in RESTEasy

Description

Impact

In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.

Patches

Fixed in the following pull requests:

https://github.com/resteasy/resteasy/pull/3409 (7.0.0.Alpha1)
https://github.com/resteasy/resteasy/pull/3423 (6.2.3.Final)
https://github.com/resteasy/resteasy/pull/3412 (5.0.6.Final)
https://github.com/resteasy/resteasy/pull/3413 (4.7.8.Final)
https://github.com/resteasy/resteasy/pull/3410 (3.15.5.Final)

Workarounds

There is no workaround for this issue.

References

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CGA-77c7-2245-fqh7

Severity

Summary

Description

Impact

Patches

Workarounds

References

References

Updates

Products

Why Chainguard

Customers

Company

Resources