In the RESTEasy Reactive implementation of Quarkus, the insecure File.createTempFile() is used in the FileBodyHandler class, which creates temp files with insecure permissions that could be read by a local user.
Opening temporary files without appropriate measures or controls can leave the file, its contents and any function that it impacts vulnerable to attack.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Quarkus | Quarkus | * | 2.16.1 (excluding) |
Red Hat build of Quarkus 2.13.8.Final | RedHat | io.quarkus.resteasy.reactive/resteasy-reactive-common:2.13.8.Final-redhat-00004 | * |