How severe is CVE-2021-21430?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2021-21430?

This is classified as CWE-269, which is a common weakness in software security.

CVE-2021-21430

MEDIUM Year: 2021

CVSS v3 Score

5.5

Medium

CVSS v2 Score

2.1

Low

Weakness Type

CWE-269

View all →

Vulnerability Description

OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Using `File.createTempFile` in JDK will result in creating and using insecure temporary files that can leave application and system data vulnerable to attacks. Auto-generated code (Java, Scala) that deals with uploading or downloading binary data through API endpoints will create insecure temporary files during the process. Affected generators: `java` (jersey2, okhttp-gson (default library)), `scala-finch`. The issue has been patched with `Files.createTempFile` and released in the v5.1.0 stable version.

CVE-2014-1496

MEDIUM

CVSS:5.5(Medium)

Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 might allow local users to gain privileges by modifying the extracted Mar contents during ...

CWE-2692014

CVE-2015-9267

MEDIUM

CVSS:5.5(Medium)

Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the...

CWE-2692015

CVE-2017-10689

MEDIUM

CVSS:5.5(Medium)

In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability.

CWE-2692017

CVE-2017-11747

MEDIUM

CVSS:5.5(Medium)

main.c in Tinyproxy 1.8.4 and earlier creates a /run/tinyproxy/tinyproxy.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveragi...

CWE-2692017

CVE-2017-5409

MEDIUM

CVSS:5.5(Medium)

The Mozilla Windows updater can be called by a non-privileged user to delete an arbitrary local file by passing a special path to the callback parameter through the Mozilla Maintenance Service, which ...

CWE-2692017

CVE-2017-7767

MEDIUM

CVSS:5.5(Medium)

The Mozilla Maintenance Service can be invoked by an unprivileged user to overwrite arbitrary files with junk data using the Mozilla Windows Updater, which runs with the Maintenance Service's privileg...

CWE-2692017

CVE-2021-21430

Vulnerability Description

Related Vulnerabilities

CVE-2014-1496

CVE-2015-9267

CVE-2017-10689

CVE-2017-11747

CVE-2017-5409

CVE-2017-7767