PT-2021-14501 · Unknown+1 · Openapi Generator+1

Wing328 · Published 2021-04-27 · Updated 2021-05-07 · CVE-2021-21429

CVSS v3.1 4.0 Medium
Vector AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: OpenAPI Generator versions prior to 5.1.0
Description: The issue arises from using java.io.File.createTempFile, which creates the temporary file with mode 0666 restricted only by the process umask (0644, i.e. world-readable, under the common umask of 022). This can leave application and system data exposed to other local users, specifically on unix-like systems where the system temporary directory is shared between all users. The OpenAPI Generator Maven plug-in creates such temporary files during the code generation process to store OpenAPI specification files, potentially disclosing the contents of the specification file to any other local user who reads the file while it exists.
Recommendations: For versions prior to 5.1.0, update to the v5.1.0 stable version, which patches the issue by switching to java.nio.file.Files.createTempFile. On POSIX file systems that method creates the file with permissions rw------- (0600) regardless of umask, so other local users cannot open it. Restricting the mode after creation with chmod or Files.setPosixFilePermissions is not an equivalent fix, because the file exists with the wider mode until the second call completes.
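As an added example, not code from this page or from the OpenAPI Generator project: the vulnerable java.io.File.createTempFile pattern beside the java.nio.file.Files.createTempFile fix, with a check that reports whether a created file is readable by other local users. The class and method names (TempFilePermissions, createInsecure, createSecure, createSecureExplicit, readableByOthers) and the spec snippet written to the files are constructed for illustration. It runs on unix-like systems only, and the mode reported for the first variant depends on the process umask (a umask of 077 already yields 0600, which is why the check is environment-dependent).

```java
import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Set;

// Added example (not OpenAPI Generator code). Unix-like systems only: the JDK's
// POSIX permission API throws UnsupportedOperationException on Windows.
public class TempFilePermissions {

    // Vulnerable pattern: java.io.File.createTempFile opens the file with mode 0666
    // masked only by the process umask. With the common umask 022 the result is 0644,
    // so any local user can read the spec that is written into it.
    static Path createInsecure() throws IOException {
        File f = File.createTempFile("openapi-", ".yaml");
        f.deleteOnExit();
        return f.toPath();
    }

    // Fixed pattern: java.nio.file.Files.createTempFile. On POSIX file systems the JDK
    // creates the file with rw------- (0600) regardless of umask.
    static Path createSecure() throws IOException {
        Path p = Files.createTempFile("openapi-", ".yaml");
        p.toFile().deleteOnExit();
        return p;
    }

    // Same fix with the permissions stated explicitly and applied atomically at
    // creation. Preferable to calling Files.setPosixFilePermissions afterwards,
    // which leaves a window in which the file exists with the wider mode.
    static Path createSecureExplicit() throws IOException {
        FileAttribute<Set<PosixFilePermission>> ownerOnly =
            PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------"));
        Path p = Files.createTempFile("openapi-", ".yaml", ownerOnly);
        p.toFile().deleteOnExit();
        return p;
    }

    // True if group or others can read the file, i.e. the spec would leak to other
    // local users when the temp directory is shared.
    static boolean readableByOthers(Path p) throws IOException {
        Set<PosixFilePermission> perms = Files.getPosixFilePermissions(p);
        return perms.contains(PosixFilePermission.GROUP_READ)
            || perms.contains(PosixFilePermission.OTHERS_READ);
    }

    static void report(String label, Path p) throws IOException {
        String mode = PosixFilePermissions.toString(Files.getPosixFilePermissions(p));
        System.out.printf("%-22s %s  %s  readable by others: %b%n",
            label, mode, p, readableByOthers(p));
    }

    public static void main(String[] args) throws IOException {
        // Constructed content standing in for an OpenAPI spec written to the temp file.
        byte[] spec = "openapi: 3.0.0\ninfo:\n  title: internal-api\n"
            .getBytes(StandardCharsets.UTF_8);

        Path insecure = createInsecure();
        Path secure = createSecure();
        Path explicit = createSecureExplicit();
        Files.write(insecure, spec);
        Files.write(secure, spec);
        Files.write(explicit, spec);

        report("File.createTempFile", insecure);
        report("Files.createTempFile", secure);
        report("explicit rw-------", explicit);
    }
}
```

Compile and run with `javac TempFilePermissions.java && java TempFilePermissions`; on a host with the default umask the first line reports rw-r--r-- and true, the other two rw------- and false. The generator's own temp-file handling lives inside the plug-in, so users on versions before 5.1.0 cannot apply this change themselves and should update.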

Fix

Weakness Enumeration

Files Accessible to External Parties

Related Identifiers

CVE-2021-21429
GHSA-867Q-77CC-98MV

Affected Products

Jdk
Openapi Generator