Insecure Temporary File
CVE-2023-33251
Summary
When Akka HTTP in versions prior to 10.5.2 accepts file uploads via the "FileUploadDirectives.fileUploadAll" directive, the temporary file it creates has overly permissive file permissions: it is readable by other users on Linux or UNIX. This is a similar issue to CVE-2022-41946.
- LOW
- LOCAL
- NONE
- UNCHANGED
- NONE
- LOW
- HIGH
- NONE
CWE-377 - Insecure Temporary File
Creating and using insecure temporary files can leave application and system data vulnerable to attack.
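The weakness class described above, shown as an added Java example (not Akka HTTP's code and not taken from this advisory): a temporary file whose mode is left to the process umask, beside one created with owner-only permissions, plus a check that flags group- or world-readable files. The use of `File.createTempFile` as the weak pattern, the class and method names, and the `upload-` prefix are assumptions made for illustration.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Set;

// Illustrative class; names and the "upload-" prefix are constructed for this example.
public class TempFilePermissions {

    // True when group or other users are granted read access to the file.
    static boolean readableByOthers(Path p) throws IOException {
        Set<PosixFilePermission> perms = Files.getPosixFilePermissions(p);
        return perms.contains(PosixFilePermission.GROUP_READ)
            || perms.contains(PosixFilePermission.OTHERS_READ);
    }

    // Weak pattern: the mode is 0666 masked by the process umask,
    // which gives 0644 under the common umask 022.
    static Path createWeak() throws IOException {
        return File.createTempFile("upload-", ".tmp").toPath();
    }

    // Hardened pattern: owner-only permissions are requested atomically at creation.
    static Path createHardened() throws IOException {
        FileAttribute<Set<PosixFilePermission>> ownerOnly =
            PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------"));
        return Files.createTempFile("upload-", ".tmp", ownerOnly);
    }

    public static void main(String[] args) throws IOException {
        // POSIX permission checks do not apply on file systems without a "posix" view.
        if (!FileSystems.getDefault().supportedFileAttributeViews().contains("posix")) {
            System.out.println("POSIX permissions are not supported on this file system");
            return;
        }
        Path weak = createWeak();
        Path hardened = createHardened();
        try {
            for (Path p : new Path[] {weak, hardened}) {
                System.out.printf("%s %s readableByOthers=%b%n", p,
                    PosixFilePermissions.toString(Files.getPosixFilePermissions(p)),
                    readableByOthers(p));
            }
        } finally {
            Files.deleteIfExists(weak);
            Files.deleteIfExists(hardened);
        }
    }
}
```

The result for the weak file depends on the umask of the running process, so the same check is worth running against the upload temporary directory of a deployed service.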