Skip to main content

Insecure Temporary File


Severity Medium
Score 5.5/10


When Akka HTTP in versions prior to 10.5.2 accepts file uploads via the "FileUploadDirectives.fileUploadAll" directive, the temporary file it creates has too weak permissions. It is readable by other users on Linux or UNIX, a similar issue to CVE-2022-41946.

  • LOW
  • NONE
  • NONE
  • LOW
  • HIGH
  • NONE

CWE-377 - Insecure Temporary File

Creating and using insecure temporary files can leave application and system data vulnerable to attack.

Advisory Timeline

  • Published