Common Weakness Enumeration

CWE-377

Allowed-with-Review

Insecure Temporary File

Abstraction: Class · Status: Incomplete

Creating and using insecure temporary files can leave application and system data vulnerable to attack.

170 vulnerabilities reference this CWE, most recent first.

CVE-2012-2666 (GCVE-0-2012-2666)

Vulnerability from cvelistv5 – Published: 2021-07-09 10:50 – Updated: 2024-08-06 19:42
VLAI
Summary
golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with predicable name and executes it as shell script.
Severity
No CVSS data available.
CWE
Assigner
Impacted products
Vendor Product Version
n/a go/golang Affected: go/golang 1.0.2
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:42:31.647Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2012-2666"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=765455"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/golang/go/commit/8ac275bb01588a8c0e6c0fe2de7fd11f08feccdd"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://codereview.appspot.com/5992078"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210902-0009/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "go/golang",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "go/golang 1.0.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with predicable name and executes it as shell script."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-377",
              "description": "CWE-377",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-02T08:06:40.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2012-2666"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=765455"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/golang/go/commit/8ac275bb01588a8c0e6c0fe2de7fd11f08feccdd"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://codereview.appspot.com/5992078"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210902-0009/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-2666",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "go/golang",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "go/golang 1.0.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with predicable name and executes it as shell script."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-377"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2012-2666",
              "refsource": "MISC",
              "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2012-2666"
            },
            {
              "name": "https://bugzilla.suse.com/show_bug.cgi?id=765455",
              "refsource": "MISC",
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=765455"
            },
            {
              "name": "https://github.com/golang/go/commit/8ac275bb01588a8c0e6c0fe2de7fd11f08feccdd",
              "refsource": "MISC",
              "url": "https://github.com/golang/go/commit/8ac275bb01588a8c0e6c0fe2de7fd11f08feccdd"
            },
            {
              "name": "https://codereview.appspot.com/5992078",
              "refsource": "MISC",
              "url": "https://codereview.appspot.com/5992078"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210902-0009/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210902-0009/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-2666",
    "datePublished": "2021-07-09T10:50:05.000Z",
    "dateReserved": "2012-05-14T00:00:00.000Z",
    "dateUpdated": "2024-08-06T19:42:31.647Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-4119 (GCVE-0-2011-4119)

Vulnerability from cvelistv5 – Published: 2021-10-26 12:11 – Updated: 2024-08-07 00:01
VLAI
Summary
caml-light <= 0.75 uses mktemp() insecurely, and also does unsafe things in /tmp during make install.
Severity
No CVSS data available.
CWE
Assigner
References
Impacted products
Vendor Product Version
n/a caml-light Affected: caml-light <= 0.75
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:01:50.576Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://seclists.org/oss-sec/2011/q4/249"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://vuxml.freebsd.org/freebsd/9dde9dac-08f4-11e1-af36-003067b2972c.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://gnats.netbsd.org/45558"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "caml-light",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "caml-light \u003c= 0.75"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "caml-light \u003c= 0.75 uses mktemp() insecurely, and also does unsafe things in /tmp during make install."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-377",
              "description": "CWE-377",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-26T12:11:15.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://seclists.org/oss-sec/2011/q4/249"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://vuxml.freebsd.org/freebsd/9dde9dac-08f4-11e1-af36-003067b2972c.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://gnats.netbsd.org/45558"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2011-4119",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "caml-light",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "caml-light \u003c= 0.75"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "caml-light \u003c= 0.75 uses mktemp() insecurely, and also does unsafe things in /tmp during make install."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-377"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://seclists.org/oss-sec/2011/q4/249",
              "refsource": "MISC",
              "url": "https://seclists.org/oss-sec/2011/q4/249"
            },
            {
              "name": "https://vuxml.freebsd.org/freebsd/9dde9dac-08f4-11e1-af36-003067b2972c.html",
              "refsource": "MISC",
              "url": "https://vuxml.freebsd.org/freebsd/9dde9dac-08f4-11e1-af36-003067b2972c.html"
            },
            {
              "name": "http://gnats.netbsd.org/45558",
              "refsource": "MISC",
              "url": "http://gnats.netbsd.org/45558"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-4119",
    "datePublished": "2021-10-26T12:11:15.000Z",
    "dateReserved": "2011-10-18T00:00:00.000Z",
    "dateUpdated": "2024-08-07T00:01:50.576Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-23X4-M842-FMWF

Vulnerability from github – Published: 2021-05-11 00:04 – Updated: 2023-06-30 20:30
VLAI
Summary
Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI-Generator online generator
Details

Impact

On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory.

This vulnerability is local privilege escalation because the contents of the outputFolder can be appended to by an attacker. As such, code written to this directory, when executed can be attacker controlled.

openapi-generator-online creates insecure temporary folders with File.createTempFile during the code generation process. The insecure temporary folders store the auto-generated files which can be read and appended to by any users on the system.

Vulnerable Code

https://github.com/OpenAPITools/openapi-generator/blob/c6530519975341d7784a252132b2f0854f488901/modules/openapi-generator-online/src/main/java/org/openapitools/codegen/online/service/Generator.java#L184-L187

This vulnerability exists due to a race condition between the deletion of the randomly generated temporary file and the creation of the temporary directory.

File outputFolder = File.createTempFile("codegen-", "-tmp"); // Attacker knows the full path of the file that will be generated
// delete the file that was created
outputFolder.delete(); // Attacker sees file is deleted and begins a race to create their own directory before the code generator
// and make a directory of the same name
// SECURITY VULNERABILITY: Race Condition! - Attacker beats the code generator and now owns this directory
outputFolder.mkdir();

Patches

The issue has been patched by changing the underlying logic to use Files.createTempFile and has been released in the v5.1.0 stable version.

This vulnerability has the same root cause as CVE-2021-21363 from the swagger-api/swagger-codegen project as this project and that one both share the same original source tree. See: https://github.com/swagger-api/swagger-codegen/security/advisories/GHSA-pc22-3g76-gm6j

For more information

If you have any questions or comments about this advisory: * Open an issue in OpenAPI Generator Github repo * Email us at security@openapitools.org

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.openapitools:openapi-generator-online"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.1.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-21428"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-377",
      "CWE-378",
      "CWE-379",
      "CWE-668"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-05-10T18:52:04Z",
    "nvd_published_at": "2021-05-10T19:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "### Impact\n\nOn Unix like systems, the system\u0027s temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory.\n\nThis vulnerability is local privilege escalation because the contents of the outputFolder can be appended to by an attacker. As such, code written to this directory, when executed can be attacker controlled.\n\nopenapi-generator-online creates insecure temporary folders with `File.createTempFile` during the code generation process. The insecure temporary folders store the auto-generated files which can be read and appended to by any users on the system.\n\n### Vulnerable Code\n\nhttps://github.com/OpenAPITools/openapi-generator/blob/c6530519975341d7784a252132b2f0854f488901/modules/openapi-generator-online/src/main/java/org/openapitools/codegen/online/service/Generator.java#L184-L187\n\nThis vulnerability exists due to a race condition between the deletion of the randomly generated temporary file and the creation of the temporary directory.\n\n```java\nFile outputFolder = File.createTempFile(\"codegen-\", \"-tmp\"); // Attacker knows the full path of the file that will be generated\n// delete the file that was created\noutputFolder.delete(); // Attacker sees file is deleted and begins a race to create their own directory before the code generator\n// and make a directory of the same name\n// SECURITY VULNERABILITY: Race Condition! - Attacker beats the code generator and now owns this directory\noutputFolder.mkdir();\n```\n\n### Patches\nThe issue has been patched by changing the underlying logic to use `Files.createTempFile` and has been released in the v5.1.0 stable version.\n\nThis vulnerability has the same root cause as CVE-2021-21363 from the `swagger-api/swagger-codegen` project as this project and that one both share the same original source tree.\nSee: https://github.com/swagger-api/swagger-codegen/security/advisories/GHSA-pc22-3g76-gm6j\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [OpenAPI Generator Github repo](https://github.com/openAPITools/openapi-generator/)\n* Email us at [security@openapitools.org](mailto:security@openapitools.org)",
  "id": "GHSA-23x4-m842-fmwf",
  "modified": "2023-06-30T20:30:26Z",
  "published": "2021-05-11T00:04:40Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/OpenAPITools/openapi-generator/security/advisories/GHSA-23x4-m842-fmwf"
    },
    {
      "type": "WEB",
      "url": "https://github.com/swagger-api/swagger-codegen/security/advisories/GHSA-pc22-3g76-gm6j"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21428"
    },
    {
      "type": "WEB",
      "url": "https://github.com/OpenAPITools/openapi-generator/pull/8788"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/OpenAPITools/openapi-generator"
    },
    {
      "type": "WEB",
      "url": "https://github.com/OpenAPITools/openapi-generator/blob/c6530519975341d7784a252132b2f0854f488901/modules/openapi-generator-online/src/main/java/org/openapitools/codegen/online/service/Generator.java#L184-L187"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI-Generator online generator"
}

GHSA-259V-FW35-W989

Vulnerability from github – Published: 2022-04-23 00:40 – Updated: 2022-04-23 00:40
VLAI
Details

golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with predicable name and executes it as shell script.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2012-2666"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-377"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-07-09T11:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with predicable name and executes it as shell script.",
  "id": "GHSA-259v-fw35-w989",
  "modified": "2022-04-23T00:40:50Z",
  "published": "2022-04-23T00:40:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2666"
    },
    {
      "type": "WEB",
      "url": "https://github.com/golang/go/commit/8ac275bb01588a8c0e6c0fe2de7fd11f08feccdd"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=765455"
    },
    {
      "type": "WEB",
      "url": "https://codereview.appspot.com/5992078"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20210902-0009"
    },
    {
      "type": "WEB",
      "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2012-2666"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-282V-666C-3FVG

Vulnerability from github – Published: 2023-05-18 18:30 – Updated: 2024-11-22 20:34
VLAI
Summary
transformers has Insecure Temporary File
Details

Insecure Temporary File in GitHub repository huggingface/transformers 4.29.2 and prior. A fix is available at commit 80ca92470938bbcc348e2d9cf4734c7c25cb1c43 and has been released as part of version 4.30.0.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "transformers"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.30.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-2800"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-377"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-05-19T13:27:42Z",
    "nvd_published_at": "2023-05-18T17:15:08Z",
    "severity": "MODERATE"
  },
  "details": "Insecure Temporary File in GitHub repository huggingface/transformers 4.29.2 and prior. A fix is available at commit 80ca92470938bbcc348e2d9cf4734c7c25cb1c43 and has been released as part of version 4.30.0.",
  "id": "GHSA-282v-666c-3fvg",
  "modified": "2024-11-22T20:34:48Z",
  "published": "2023-05-18T18:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2800"
    },
    {
      "type": "WEB",
      "url": "https://github.com/huggingface/transformers/pull/23372"
    },
    {
      "type": "WEB",
      "url": "https://github.com/huggingface/transformers/commit/80ca92470938bbcc348e2d9cf4734c7c25cb1c43"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/huggingface/transformers"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/transformers/PYSEC-2023-299.yaml"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/a3867b4e-6701-4418-8c20-3c6e7084a44a"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "transformers has Insecure Temporary File"
}

GHSA-2CXP-XQ3C-MJXX

Vulnerability from github – Published: 2026-04-22 18:31 – Updated: 2026-07-06 19:50
VLAI
Summary
Duplicate Advisory: uutils coreutils' mktemp utility doesn't properly handle an empty TMPDIR environment variable
Details

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-2w8r-9xj7-69j5. This link is maintained to preserve external references.

Original Description

The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back to /tmp when TMPDIR is an empty string, the uutils implementation treats the empty string as a valid path. This causes temporary files to be created in the current working directory (CWD) instead of the intended secure temporary directory. If the CWD is more permissive or accessible to other users than /tmp, it may lead to unintended information disclosure or unauthorized access to temporary data.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "coreutils"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.6.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-377"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-29T22:53:30Z",
    "nvd_published_at": "2026-04-22T17:16:36Z",
    "severity": "LOW"
  },
  "details": "### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-2w8r-9xj7-69j5. This link is maintained to preserve external references.\n\n### Original Description\nThe mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back to /tmp when TMPDIR is an empty string, the uutils implementation treats the empty string as a valid path. This causes temporary files to be created in the current working directory (CWD) instead of the intended secure temporary directory. If the CWD is more permissive or accessible to other users than /tmp, it may lead to unintended information disclosure or unauthorized access to temporary data.",
  "id": "GHSA-2cxp-xq3c-mjxx",
  "modified": "2026-07-06T19:50:32Z",
  "published": "2026-04-22T18:31:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35342"
    },
    {
      "type": "WEB",
      "url": "https://github.com/uutils/coreutils/pull/10566"
    },
    {
      "type": "WEB",
      "url": "https://github.com/uutils/coreutils/commit/eb25ec328b226d8fbbaa4058bf9187165bf06d51"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/uutils/coreutils"
    },
    {
      "type": "WEB",
      "url": "https://github.com/uutils/coreutils/releases/tag/0.6.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Duplicate Advisory: uutils coreutils\u0027 mktemp utility doesn\u0027t properly handle an empty TMPDIR environment variable",
  "withdrawn": "2026-07-06T19:50:32Z"
}

GHSA-2H63-R9G4-JVHV

Vulnerability from github – Published: 2026-04-28 15:30 – Updated: 2026-04-28 18:30
VLAI
Details

The Aranda File Server (AFS) component in Aranda Software Aranda Service Desk before 8.3.12 stores daily activity logs with predictable names in a publicly accessible directory, which allows unauthenticated remote attackers to obtain direct virtual paths of uploaded files and bypass access controls to download sensitive documents containing PII.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-67223"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-377"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-28T15:16:06Z",
    "severity": "HIGH"
  },
  "details": "The Aranda File Server (AFS) component in Aranda Software Aranda Service Desk before 8.3.12 stores daily activity logs with predictable names in a publicly accessible directory, which allows unauthenticated remote attackers to obtain direct virtual paths of uploaded files and bypass access controls to download sensitive documents containing PII.",
  "id": "GHSA-2h63-r9g4-jvhv",
  "modified": "2026-04-28T18:30:32Z",
  "published": "2026-04-28T15:30:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67223"
    },
    {
      "type": "WEB",
      "url": "https://arandasoft.com/en/productos/aranda-service-management"
    },
    {
      "type": "WEB",
      "url": "https://docs.arandasoft.com/at-v8-release-notes/en/pages/release_pdf/file_server.html"
    },
    {
      "type": "WEB",
      "url": "https://github.com/brandonperezlara/CVE-2025-67223"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2MXR-RC97-XRJ2

Vulnerability from github – Published: 2025-12-09 18:30 – Updated: 2025-12-10 00:02
VLAI
Summary
Robocode has an insecure temporary file creation vulnerability in the AutoExtract component
Details

An insecure temporary file creation vulnerability exists in the AutoExtract component of Robocode version 1.9.3.6. The createTempFile method fails to securely create temporary files, allowing attackers to exploit race conditions and potentially execute arbitrary code or overwrite critical files. This vulnerability can be exploited by manipulating the temporary file creation process, leading to potential unauthorized actions.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "net.sf.robocode:robocode.battle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.9.5.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-14307"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-377"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-12-10T00:02:37Z",
    "nvd_published_at": "2025-12-09T16:17:38Z",
    "severity": "CRITICAL"
  },
  "details": "An insecure temporary file creation vulnerability exists in the AutoExtract component of Robocode version 1.9.3.6. The createTempFile method fails to securely create temporary files, allowing attackers to exploit race conditions and potentially execute arbitrary code or overwrite critical files. This vulnerability can be exploited by manipulating the temporary file creation process, leading to potential unauthorized actions.",
  "id": "GHSA-2mxr-rc97-xrj2",
  "modified": "2025-12-10T00:02:37Z",
  "published": "2025-12-09T18:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14307"
    },
    {
      "type": "WEB",
      "url": "https://github.com/robo-code/robocode/pull/68"
    },
    {
      "type": "WEB",
      "url": "https://github.com/robo-code/robocode/commit/9f882bba2a9cd91da57c16b98699f8cc9b354f3a"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/robo-code/robocode"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/R:U/V:D/RE:M/U:Red",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Robocode has an insecure temporary file creation vulnerability in the AutoExtract component"
}

GHSA-2W8R-9XJ7-69J5

Vulnerability from github – Published: 2026-07-06 19:50 – Updated: 2026-07-06 19:50
VLAI
Summary
mktemp: empty TMPDIR creates temp files in CWD instead of /tmp
Details

The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back to /tmp when TMPDIR is an empty string, the uutils implementation treats the empty string as a valid path. This causes temporary files to be created in the current working directory (CWD) instead of the intended secure temporary directory. If the CWD is more permissive or accessible to other users than /tmp, it may lead to unintended information disclosure or unauthorized access to temporary data.


Zellic finding 3.11. Reported in the Zellic uutils coreutils Program Security Assessment (for Canonical, Jan 2026), audited commit 3a07ffc5a9bd4c283e75afa548ba1f1957bad242.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "uu_mktemp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.6.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-35342"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-377"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-07-06T19:50:41Z",
    "nvd_published_at": null,
    "severity": "LOW"
  },
  "details": "The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back to /tmp when TMPDIR is an empty string, the uutils implementation treats the empty string as a valid path. This causes temporary files to be created in the current working directory (CWD) instead of the intended secure temporary directory. If the CWD is more permissive or accessible to other users than /tmp, it may lead to unintended information disclosure or unauthorized access to temporary data.\n\n---\n_Zellic finding 3.11. Reported in the Zellic *uutils coreutils Program Security Assessment* (for Canonical, Jan 2026), audited commit `3a07ffc5a9bd4c283e75afa548ba1f1957bad242`._",
  "id": "GHSA-2w8r-9xj7-69j5",
  "modified": "2026-07-06T19:50:41Z",
  "published": "2026-07-06T19:50:41Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/uutils/coreutils/security/advisories/GHSA-2w8r-9xj7-69j5"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35342"
    },
    {
      "type": "WEB",
      "url": "https://github.com/uutils/coreutils/pull/10566"
    },
    {
      "type": "WEB",
      "url": "https://github.com/uutils/coreutils/commit/eb25ec328b226d8fbbaa4058bf9187165bf06d51"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/uutils/coreutils"
    },
    {
      "type": "WEB",
      "url": "https://github.com/uutils/coreutils/releases/tag/0.6.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "mktemp: empty TMPDIR creates temp files in CWD instead of /tmp"
}

GHSA-38H8-X697-GH8Q

Vulnerability from github – Published: 2018-11-09 17:45 – Updated: 2023-09-07 20:13
VLAI
Summary
Tmp files readable by other users in sync-exec
Details

Affected versions of sync-exec use files located in /tmp/ to buffer command results before returning values. As /tmp/ is almost always set with world readable permissions, this may allow low privilege users on the system to read the results of commands run via sync-exec under a higher privilege user.

Recommendation

There is currently no direct patch for sync-exec, as the child_process.execSync function provided in Node.js v0.12.0 and later provides the same functionality natively.

The best mitigation currently is to update to Node.js v0.12.0 or later, and migrate all uses of sync-exec to child_process.execSync().

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "sync-exec"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.6.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2017-16024"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-377"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T20:54:36Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "Affected versions of `sync-exec` use files located in `/tmp/` to buffer command results before returning values. As `/tmp/` is almost always set with world readable permissions, this may allow low privilege users on the system to read the results of commands run via `sync-exec` under a higher privilege user.\n\n\n## Recommendation\n\nThere is currently no direct patch for `sync-exec`, as the `child_process.execSync` function provided in Node.js v0.12.0 and later provides the same functionality natively. \n\nThe best mitigation currently is to update to Node.js v0.12.0 or later, and migrate all uses of `sync-exec` to `child_process.execSync()`.",
  "id": "GHSA-38h8-x697-gh8q",
  "modified": "2023-09-07T20:13:49Z",
  "published": "2018-11-09T17:45:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16024"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gvarsanyi/sync-exec/issues/17"
    },
    {
      "type": "WEB",
      "url": "https://cwe.mitre.org/data/definitions/377.html"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-38h8-x697-gh8q"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/310"
    },
    {
      "type": "WEB",
      "url": "https://www.owasp.org/index.php/Insecure_Temporary_File"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Tmp files readable by other users in sync-exec"
}

No mitigation information available for this CWE.

CAPEC-149: Explore for Predictable Temporary File Names

An attacker explores a target to identify the names and locations of predictable temporary files for the purpose of launching further attacks against the target. This involves analyzing naming conventions and storage locations of the temporary files created by a target application. If an attacker can predict the names of temporary files they can use this information to mount other attacks, such as information gathering and symlink attacks.

CAPEC-155: Screen Temporary Files for Sensitive Information

An adversary exploits the temporary, insecure storage of information by monitoring the content of files used to store temp data during an application's routine execution flow. Many applications use temporary files to accelerate processing or to provide records of state across multiple executions of the application. Sometimes, however, these temporary files may end up storing sensitive information. By screening an application's temporary files, an adversary might be able to discover such sensitive information. For example, web browsers often cache content to accelerate subsequent lookups. If the content contains sensitive information then the adversary could recover this from the web cache.