Description
In RestEasy Reactive implementation of Quarkus the insecure File.createTempFile() is used in the FileBodyHandler class which creates temp files with insecure permissions that could be read by a local user.
Remediation
References
https://github.com/quarkusio/quarkus/pull/30694
Related Vulnerabilities
CVE-2023-46998 Vulnerability in maven package org.webjars.npm:bootbox.js
CVE-2023-34464 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates
CVE-2022-35948 Vulnerability in npm package undici
CVE-2022-25839 Vulnerability in npm package url-js
CVE-2020-13935 Vulnerability in maven package org.apache.tomcat:tomcat-websocket