Vulnerability Description
OpenAPI Generator allows generation of API client libraries, server stubs, documentation and configuration automatically given an OpenAPI Spec. Using `File.createTempFile` in JDK will result in creating and using insecure temporary files that can leave application and system data vulnerable to attacks. OpenAPI Generator maven plug-in creates insecure temporary files during the process. The issue has been patched with `Files.createTempFile` and released in the v5.1.0 stable version.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openapi-Generator | Openapi Generator | < 5.1.0 |
Related Weaknesses (CWE)
References
- https://github.com/OpenAPITools/openapi-generator/pull/8795PatchThird Party Advisory
- https://github.com/OpenAPITools/openapi-generator/security/advisories/GHSA-867q-PatchThird Party Advisory
- https://github.com/OpenAPITools/openapi-generator/pull/8795PatchThird Party Advisory
- https://github.com/OpenAPITools/openapi-generator/security/advisories/GHSA-867q-PatchThird Party Advisory
FAQ
What is CVE-2021-21429?
CVE-2021-21429 is a vulnerability with a CVSS score of 4.0 (MEDIUM). OpenAPI Generator allows generation of API client libraries, server stubs, documentation and configuration automatically given an OpenAPI Spec. Using `File.createTempFile` in JDK will result in creati...
How severe is CVE-2021-21429?
CVE-2021-21429 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-21429?
Check the references section above for vendor advisories and patch information. Affected products include: Openapi-Generator Openapi Generator.