PT-2021-14502 · Unknown · Openapi Generator

Reported by: Jlleitschuh (+1)

Published: 2021-05-10 · Updated: 2022-10-24

CVE-2021-21430

CVSS v3.1: 6.2 (Medium)

Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: OpenAPI Generator versions prior to 5.1.0
Description: The issue arises from the use of the JDK method File.createTempFile, which creates temporary files insecurely: the file is placed in the shared system temporary directory (java.io.tmpdir, typically /tmp on Unix-like systems) with permissions determined only by the process umask, so under the common umask of 022 the file is world-readable (mode 0644). Auto-generated Java and Scala client code that uploads or downloads binary data through API endpoints creates such temporary files as part of the transfer. For example, if an API endpoint returns a PDF file, the generated client first downloads the PDF into a temporary file of this kind, where any other local user on the system can read it for as long as it exists. This is why the score carries a local attack vector with a confidentiality-only impact: an attacker needs a local account, gains read access to the transferred data, and cannot alter it or disrupt the service.
Recommendations: For versions prior to 5.1.0, update to the v5.1.0 stable release, which changes the generated code to use the JDK method Files.createTempFile; on POSIX file systems that method creates the file with owner-only permissions (rw-------) regardless of umask. Note that the fix lives in the generator, so client code generated with an earlier version stays vulnerable until it is regenerated and rebuilt. As a temporary workaround, restrict access to the temporary files created by the auto-generated code, for example by pointing java.io.tmpdir at a directory that only the service account can access (mode 0700) or by running the process with a restrictive umask such as 077.
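The vulnerable and fixed patterns side by side, with a permission check a practitioner can run on the generated client's host. This is an added, illustrative example and not OpenAPI Generator's actual output; the method names, the file name prefix and the constructed response body are assumptions made for the demonstration.

```java
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Set;

public class TempFileDemo {

    // Vulnerable pattern, modelled on the pre-5.1.0 generated client (illustrative,
    // not the generator's actual output): File.createTempFile places the file in
    // java.io.tmpdir with permissions governed only by the process umask, so with
    // the common umask 022 the file is 0644 and readable by every local user.
    static File downloadVulnerable(InputStream body) throws IOException {
        File tmp = File.createTempFile("download-", ".pdf");
        Files.copy(body, tmp.toPath(), StandardCopyOption.REPLACE_EXISTING);
        return tmp;
    }

    // Hardened pattern, the replacement 5.1.0 switched to: Files.createTempFile
    // creates the file with owner-only permissions (rw-------) on POSIX file
    // systems, independent of the umask.
    static File downloadHardened(InputStream body) throws IOException {
        Path tmp = Files.createTempFile("download-", ".pdf");
        Files.copy(body, tmp, StandardCopyOption.REPLACE_EXISTING);
        return tmp.toFile();
    }

    // Audit check: can any account other than the owner read the file?
    // Throws UnsupportedOperationException on non-POSIX file systems (e.g. Windows),
    // where this permission model does not apply.
    static boolean readableByOthers(File f) throws IOException {
        Set<PosixFilePermission> perms = Files.getPosixFilePermissions(f.toPath());
        return perms.contains(PosixFilePermission.GROUP_READ)
            || perms.contains(PosixFilePermission.OTHERS_READ);
    }

    static String describe(File f) throws IOException {
        String mode = PosixFilePermissions.toString(Files.getPosixFilePermissions(f.toPath()));
        return f.getPath() + "  mode=" + mode + "  readableByOthers=" + readableByOthers(f);
    }

    public static void main(String[] args) throws IOException {
        // Constructed stand-in for an API response body; no real endpoint is contacted.
        byte[] body = "%PDF-1.4 constructed sample".getBytes();
        File v = downloadVulnerable(new ByteArrayInputStream(body));
        File h = downloadHardened(new ByteArrayInputStream(body));
        try {
            System.out.println("File.createTempFile : " + describe(v));
            System.out.println("Files.createTempFile: " + describe(h));
        } finally {
            // Both files hold the downloaded content until deleted; clean up.
            Files.deleteIfExists(v.toPath());
            Files.deleteIfExists(h.toPath());
        }
    }
}
```

Compile and run with `javac TempFileDemo.java && java TempFileDemo` on Linux or macOS. With the usual umask of 022 the first line reports mode rw-r--r-- and readableByOthers=true while the second reports rw------- and false; with umask 077 both files come out owner-only, which is exactly why the umask workaround depends on the deployment environment and is no substitute for regenerating the client. To find affected code in an existing project, search the generated sources for `File.createTempFile`.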


Weakness Types

CWE-269: Improper Privilege Management
CWE-668: Exposure of Resource to Wrong Sphere

Related Identifiers

CVE-2021-21430
GHSA-CQXR-XF2W-943W

Affected Products

Openapi Generator