CVE-2021-21428

Name of the Vulnerable Software and Affected Versions openapi-generator-online versions prior to 5.1.0

Description The openapi-generator-online tool creates insecure temporary folders during the code generation process, allowing any user on the system to read and append to the auto-generated files. This issue can lead to local privilege escalation, as an attacker can observe the creation of a temporary subdirectory and race to complete its creation, potentially executing attacker-controlled code. The vulnerability exists due to a race condition between the deletion of a randomly generated temporary file and the creation of the temporary directory.

Recommendations For versions prior to 5.1.0, update to the v5.1.0 stable version, which patches the issue by using Files.createTempFile instead of File.createTempFile. As a temporary workaround, consider restricting access to the temporary directory to minimize the risk of exploitation.