CVE-2022-21230

Name of the Vulnerable Software and Affected Versions org.nanohttpd:nanohttpd (affected versions not specified)

Description The issue affects the parsing of HTTP request bodies. When the body exceeds 1024 bytes, it is written to a RandomAccessFile with insecure permissions, allowing all users on the host machine to view its contents.

Recommendations For all affected versions, as a temporary workaround, consider manually specifying the -Djava.io.tmpdir= argument when launching Java to set the temporary directory to a directory exclusively controlled by the current user.