ID CVE-2021-21430
Summary OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Using `File.createTempFile` in JDK will result in creating and using insecure temporary files that can leave application and system data vulnerable to attacks. Auto-generated code (Java, Scala) that deals with uploading or downloading binary data through API endpoints will create insecure temporary files during the process. Affected generators: `java` (jersey2, okhttp-gson (default library)), `scala-finch`. The issue has been patched with `Files.createTempFile` and released in the v5.1.0 stable version.
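The difference between the two JDK calls named in the summary, as an added example (not OpenAPI Generator's generated code): it creates one temporary file with each API and reports whether group or other users hold any permission on it. It assumes a POSIX file system; the class name, method names and the `download-` prefix are illustrative.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Set;

// Added illustration (not OpenAPI Generator output): compares the permissions
// of temp files created by the legacy and the NIO APIs on a POSIX system.
public class TempFilePermissionsDemo {

    // Legacy API named in the advisory: the file gets the process default mode
    // (typically rw-r--r-- under umask 022), so other local users can read it.
    static Path legacyTempFile() throws IOException {
        File f = File.createTempFile("download-", ".bin");
        f.deleteOnExit();
        return f.toPath();
    }

    // Replacement named in the advisory: with no attributes passed, the NIO API
    // creates the file owner-only (rw-------) on POSIX file systems.
    static Path nioTempFile() throws IOException {
        Path p = Files.createTempFile("download-", ".bin");
        p.toFile().deleteOnExit();
        return p;
    }

    // True when group or others hold any permission bit on the file.
    static boolean exposedToOtherUsers(Path p) throws IOException {
        Set<PosixFilePermission> perms = Files.getPosixFilePermissions(p);
        for (PosixFilePermission perm : perms) {
            if (perm.name().startsWith("GROUP_") || perm.name().startsWith("OTHERS_")) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws IOException {
        for (Path p : new Path[] { legacyTempFile(), nioTempFile() }) {
            System.out.printf("%s  %s  exposed=%b%n",
                    PosixFilePermissions.toString(Files.getPosixFilePermissions(p)),
                    p.getFileName(), exposedToOtherUsers(p));
        }
    }
}
```

The same `exposedToOtherUsers` check can be pointed at the temporary directory of a host running a generated client to find files left behind with group or world access.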
References
Vulnerable Configurations
  • cpe:2.3:a:openapi-generator:openapi_generator:-:*:*:*:*:*:*:*
  • cpe:2.3:a:openapi-generator:openapi_generator:2.0.13:*:*:*:*:*:*:*
  • cpe:2.3:a:openapi-generator:openapi_generator:2.0.17:*:*:*:*:*:*:*
  • cpe:2.3:a:openapi-generator:openapi_generator:2.0.18:*:*:*:*:*:*:*
  • cpe:2.3:a:openapi-generator:openapi_generator:2.1.0:milestone1:*:*:*:*:*:*
  • cpe:2.3:a:openapi-generator:openapi_generator:2.1.0:milestone2:*:*:*:*:*:*
  • cpe:2.3:a:openapi-generator:openapi_generator:2.1.1:milestone1:*:*:*:*:*:*
  • cpe:2.3:a:openapi-generator:openapi_generator:2.1.2:-:*:*:*:*:*:*
  • cpe:2.3:a:openapi-generator:openapi_generator:2.1.2:milestone1:*:*:*:*:*:*
  • cpe:2.3:a:openapi-generator:openapi_generator:2.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openapi-generator:openapi_generator:2.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:openapi-generator:openapi_generator:2.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:openapi-generator:openapi_generator:2.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:openapi-generator:openapi_generator:2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openapi-generator:openapi_generator:2.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openapi-generator:openapi_generator:2.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openapi-generator:openapi_generator:2.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openapi-generator:openapi_generator:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openapi-generator:openapi_generator:2.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openapi-generator:openapi_generator:3.0.0:-:*:*:*:*:*:*
  • cpe:2.3:a:openapi-generator:openapi_generator:3.0.0:rc0:*:*:*:*:*:*
  • cpe:2.3:a:openapi-generator:openapi_generator:3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openapi-generator:openapi_generator:3.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openapi-generator:openapi_generator:3.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openapi-generator:openapi_generator:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openapi-generator:openapi_generator:3.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openapi-generator:openapi_generator:3.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openapi-generator:openapi_generator:3.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openapi-generator:openapi_generator:3.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openapi-generator:openapi_generator:3.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openapi-generator:openapi_generator:3.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openapi-generator:openapi_generator:3.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openapi-generator:openapi_generator:3.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openapi-generator:openapi_generator:3.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openapi-generator:openapi_generator:3.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openapi-generator:openapi_generator:3.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:openapi-generator:openapi_generator:4.0.0:-:*:*:*:*:*:*
  • cpe:2.3:a:openapi-generator:openapi_generator:4.0.0:beta:*:*:*:*:*:*
  • cpe:2.3:a:openapi-generator:openapi_generator:4.0.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:openapi-generator:openapi_generator:4.0.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:openapi-generator:openapi_generator:4.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openapi-generator:openapi_generator:4.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openapi-generator:openapi_generator:4.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openapi-generator:openapi_generator:4.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openapi-generator:openapi_generator:4.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openapi-generator:openapi_generator:4.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openapi-generator:openapi_generator:4.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openapi-generator:openapi_generator:4.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openapi-generator:openapi_generator:4.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openapi-generator:openapi_generator:4.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openapi-generator:openapi_generator:4.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openapi-generator:openapi_generator:4.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openapi-generator:openapi_generator:4.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openapi-generator:openapi_generator:5.0.0:-:*:*:*:*:*:*
  • cpe:2.3:a:openapi-generator:openapi_generator:5.0.0:beta:*:*:*:*:*:*
  • cpe:2.3:a:openapi-generator:openapi_generator:5.0.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:openapi-generator:openapi_generator:5.0.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:openapi-generator:openapi_generator:5.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openapi-generator:openapi_generator:5.1.0:*:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 24-10-2022 - 20:46)
Impact:
Exploitability:
CWE CWE-668
CAPEC
Access
Vector  Complexity  Authentication
LOCAL   LOW         NONE
Impact
Confidentiality  Integrity  Availability
PARTIAL          NONE       NONE
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:N/A:N
Last major update 24-10-2022 - 20:46
Published 10-05-2021 - 20:15
Last modified 24-10-2022 - 20:46