io.swagger:swagger-codegen@2.4.4 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the io.swagger:swagger-codegen package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Information Exposure

Affected versions of this package are vulnerable to Information Exposure. On unix-like systems, the temporary directory is shared between all users. As such, writing to this directory using API's that do not explicitly set the file/directory permissions can lead to information disclosure. When files/directories are created using the File.createTempFile method, the default umask settings for the process are respected. As a result, by default, most processes/apis will create files/directories with the permissions -rw-r--r-- and drwxr-xr-x respectively, unless an API that explicitly sets safe file permissions is used.

How to fix Information Exposure?

Upgrade io.swagger:swagger-codegen to version 2.4.19 or higher.