Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
vuln-fix: Temporary Directory Hijacking or Information Disclosure (#128)
This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure. Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions Severity: High CVSSS: 7.3 Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory) Reported-by: Jonathan Leitschuh <[email protected]> Signed-off-by: Jonathan Leitschuh <[email protected]> Bug-tracker: JLLeitschuh/security-research#10 Co-authored-by: Moderne <[email protected]> Co-authored-by: Moderne <[email protected]> Co-authored-by: Asaf Mesika <[email protected]>
- Loading branch information