Description
In RestEasy Reactive implementation of Quarkus the insecure File.createTempFile() is used in the FileBodyHandler class which creates temp files with insecure permissions that could be read by a local user.
Remediation
References
https://github.com/quarkusio/quarkus/pull/30694
Related Vulnerabilities
CVE-2019-12418 Vulnerability in maven package org.apache.tomcat:tomcat-catalina
CVE-2023-37895 Vulnerability in maven package org.apache.jackrabbit:jackrabbit-standalone-components
CVE-2016-10735 Vulnerability in maven package fr.norad.bootstrap:bootstrap
CVE-2017-18077 Vulnerability in npm package brace-expansion
CVE-2023-2138 Vulnerability in npm package @nuxtlabs/github-module