|author||Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>||Fri Nov 18 22:42:36 2022 +0000|
|committer||Sylwester Lachiewicz <firstname.lastname@example.org>||Mon Mar 13 01:57:46 2023 +0100|
vuln-fix: Temporary File Information Disclosure This fixes temporary file information disclosure vulnerability due to the use of the vulnerable `File.createTempFile()` method. The vulnerability is fixed by using the `Files.createTempFile()` method which sets the correct posix permissions. Weakness: CWE-377: Insecure Temporary File Severity: Medium CVSSS: 5.5 Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.SecureTempFileCreation) Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Bug-tracker: https://github.com/JLLeitschuh/security-research/issues/18 Co-authored-by: Moderne <email@example.com>
You have found a bug or you have an idea for a cool new feature? Contributing code is a great way to give something back to the open source community. Before you dig right into the code, there are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things.
We accept Pull Requests via GitHub. The developer mailing list is the main channel of communication for contributors.
There are some guidelines which will make applying PRs easier for us:
git diff --checkbefore committing.
[MSHARED-XXX] - Subject of the JIRA Ticket Optional supplemental description.
mvn -Prun-its verifyto assure nothing else was accidentally broken.
If you plan to contribute on a regular basis, please consider filing a contributor license agreement.
For changes of a trivial nature to comments and documentation, it is not always necessary to create a new ticket in JIRA. In this case, it is appropriate to start the first line of a commit with ‘(doc)’ instead of a ticket number.