Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.jboss.resteasy/resteasy-multipart-provider@6.0.0.Beta1
Type maven
Namespace org.jboss.resteasy
Name resteasy-multipart-provider
Version 6.0.0.Beta1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 6.2.3.Final
Latest_non_vulnerable_version 6.2.3.Final
Affected_by_vulnerabilities
0
url VCID-ka7b-vp4z-d7bu
vulnerability_id VCID-ka7b-vp4z-d7bu
summary
Insecure Temporary File in RESTEasy
In RESTEasy, the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes, which creates temp files with insecure permissions that could be read by a local user.
references
0
reference_url https://github.com/orgs/resteasy/discussions/3415
reference_id
reference_type
scores
url https://github.com/orgs/resteasy/discussions/3415
1
reference_url https://github.com/orgs/resteasy/discussions/3504
reference_id
reference_type
scores
url https://github.com/orgs/resteasy/discussions/3504
2
reference_url https://github.com/orgs/resteasy/discussions/3506
reference_id
reference_type
scores
url https://github.com/orgs/resteasy/discussions/3506
3
reference_url https://github.com/resteasy/Resteasy
reference_id
reference_type
scores
url https://github.com/resteasy/Resteasy
4
reference_url https://github.com/resteasy/resteasy/pull/3409/commits/807d7456f2137cde8ef7c316707211bf4e542d56
reference_id
reference_type
scores
url https://github.com/resteasy/resteasy/pull/3409/commits/807d7456f2137cde8ef7c316707211bf4e542d56
5
reference_url https://issues.redhat.com/browse/RESTEASY-3286
reference_id
reference_type
scores
url https://issues.redhat.com/browse/RESTEASY-3286
6
reference_url https://security.netapp.com/advisory/ntap-20230427-0001
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20230427-0001
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-0482
reference_id CVE-2023-0482
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-0482
8
reference_url https://github.com/advisories/GHSA-jrmh-v64j-mjm9
reference_id GHSA-jrmh-v64j-mjm9
reference_type
scores
url https://github.com/advisories/GHSA-jrmh-v64j-mjm9
fixed_packages
0
url pkg:maven/org.jboss.resteasy/resteasy-multipart-provider@6.2.3.Final
purl pkg:maven/org.jboss.resteasy/resteasy-multipart-provider@6.2.3.Final
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-multipart-provider@6.2.3.Final
aliases CVE-2023-0482, GHSA-jrmh-v64j-mjm9
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ka7b-vp4z-d7bu
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-multipart-provider@6.0.0.Beta1