com.datadoghq:datadog-api-client@1.0.0-beta.7 vulnerabilities

latest version

2.24.0
latest non vulnerable version

2.24.0
first published

4 years ago
latest version published

14 days ago
licenses detected
- Apache-2.0
  [1.0.0-beta10,)
package manager

View on Maven Repository

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the com.datadoghq:datadog-api-client package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
L Information Disclosure com.datadoghq:datadog-api-client is a Java client library for Datadog API Affected versions of this package are vulnerable to Information Disclosure. The Datadog API is executed on a unix-like system with multiple users. The API is used to download a file containing sensitive information. This sensitive information is exposed locally to other users. This vulnerability exists in the API Client for version 1 and 2. The method `prepareDownloadFilecreates` creates a temporary file with the permissions bits of `-rw-r--r--` on unix-like systems. On unix-like systems, the system temporary directory is shared between users. As such, the contents of the file downloaded via the `downloadFileFromResponse` method will be visible to all other users on the local system. Analysis of the finding determined that the affected code was unused, meaning that the exploitation likelihood is low. The unused code has been removed, effectively mitigating this issue. How to fix Information Disclosure? Upgrade `com.datadoghq:datadog-api-client` to version 1.0.0-beta.9 or higher.	[,1.0.0-beta.9)

Information Disclosure

com.datadoghq:datadog-api-client is a Java client library for Datadog API

Affected versions of this package are vulnerable to Information Disclosure. The Datadog API is executed on a unix-like system with multiple users. The API is used to download a file containing sensitive information. This sensitive information is exposed locally to other users. This vulnerability exists in the API Client for version 1 and 2. The method prepareDownloadFilecreates creates a temporary file with the permissions bits of -rw-r--r-- on unix-like systems. On unix-like systems, the system temporary directory is shared between users. As such, the contents of the file downloaded via the downloadFileFromResponse method will be visible to all other users on the local system.

Analysis of the finding determined that the affected code was unused, meaning that the exploitation likelihood is low. The unused code has been removed, effectively mitigating this issue.

How to fix Information Disclosure?

Upgrade com.datadoghq:datadog-api-client to version 1.0.0-beta.9 or higher.

[,1.0.0-beta.9)

Go back to all versions of this package

com.datadoghq:datadog-api-client@1.0.0-beta.7 vulnerabilities

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package manager

Direct Vulnerabilities