CWE-377
Allowed-with-ReviewInsecure Temporary File
Abstraction: Class · Status: Incomplete
Creating and using insecure temporary files can leave application and system data vulnerable to attack.
170 vulnerabilities reference this CWE, most recent first.
CVE-2012-2666 (GCVE-0-2012-2666)
Vulnerability from cvelistv5 – Published: 2021-07-09 10:50 – Updated: 2024-08-06 19:42| URL | Tags |
|---|---|
| https://www.whitesourcesoftware.com/vulnerability… | x_refsource_MISC |
| https://bugzilla.suse.com/show_bug.cgi?id=765455 | x_refsource_MISC |
| https://github.com/golang/go/commit/8ac275bb01588… | x_refsource_MISC |
| https://codereview.appspot.com/5992078 | x_refsource_MISC |
| https://security.netapp.com/advisory/ntap-2021090… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:42:31.647Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2012-2666"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=765455"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/golang/go/commit/8ac275bb01588a8c0e6c0fe2de7fd11f08feccdd"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://codereview.appspot.com/5992078"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210902-0009/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "go/golang",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "go/golang 1.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with predicable name and executes it as shell script."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-377",
"description": "CWE-377",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-02T08:06:40.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2012-2666"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=765455"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/golang/go/commit/8ac275bb01588a8c0e6c0fe2de7fd11f08feccdd"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://codereview.appspot.com/5992078"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210902-0009/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2666",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "go/golang",
"version": {
"version_data": [
{
"version_value": "go/golang 1.0.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with predicable name and executes it as shell script."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-377"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2012-2666",
"refsource": "MISC",
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2012-2666"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=765455",
"refsource": "MISC",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=765455"
},
{
"name": "https://github.com/golang/go/commit/8ac275bb01588a8c0e6c0fe2de7fd11f08feccdd",
"refsource": "MISC",
"url": "https://github.com/golang/go/commit/8ac275bb01588a8c0e6c0fe2de7fd11f08feccdd"
},
{
"name": "https://codereview.appspot.com/5992078",
"refsource": "MISC",
"url": "https://codereview.appspot.com/5992078"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210902-0009/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210902-0009/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2666",
"datePublished": "2021-07-09T10:50:05.000Z",
"dateReserved": "2012-05-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:42:31.647Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4119 (GCVE-0-2011-4119)
Vulnerability from cvelistv5 – Published: 2021-10-26 12:11 – Updated: 2024-08-07 00:01| URL | Tags |
|---|---|
| https://seclists.org/oss-sec/2011/q4/249 | x_refsource_MISC |
| https://vuxml.freebsd.org/freebsd/9dde9dac-08f4-1… | x_refsource_MISC |
| http://gnats.netbsd.org/45558 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | caml-light |
Affected:
caml-light <= 0.75
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:01:50.576Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/oss-sec/2011/q4/249"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuxml.freebsd.org/freebsd/9dde9dac-08f4-11e1-af36-003067b2972c.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://gnats.netbsd.org/45558"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "caml-light",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "caml-light \u003c= 0.75"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "caml-light \u003c= 0.75 uses mktemp() insecurely, and also does unsafe things in /tmp during make install."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-377",
"description": "CWE-377",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-26T12:11:15.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/oss-sec/2011/q4/249"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuxml.freebsd.org/freebsd/9dde9dac-08f4-11e1-af36-003067b2972c.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://gnats.netbsd.org/45558"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4119",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "caml-light",
"version": {
"version_data": [
{
"version_value": "caml-light \u003c= 0.75"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "caml-light \u003c= 0.75 uses mktemp() insecurely, and also does unsafe things in /tmp during make install."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-377"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://seclists.org/oss-sec/2011/q4/249",
"refsource": "MISC",
"url": "https://seclists.org/oss-sec/2011/q4/249"
},
{
"name": "https://vuxml.freebsd.org/freebsd/9dde9dac-08f4-11e1-af36-003067b2972c.html",
"refsource": "MISC",
"url": "https://vuxml.freebsd.org/freebsd/9dde9dac-08f4-11e1-af36-003067b2972c.html"
},
{
"name": "http://gnats.netbsd.org/45558",
"refsource": "MISC",
"url": "http://gnats.netbsd.org/45558"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4119",
"datePublished": "2021-10-26T12:11:15.000Z",
"dateReserved": "2011-10-18T00:00:00.000Z",
"dateUpdated": "2024-08-07T00:01:50.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-23X4-M842-FMWF
Vulnerability from github – Published: 2021-05-11 00:04 – Updated: 2023-06-30 20:30Impact
On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory.
This vulnerability is local privilege escalation because the contents of the outputFolder can be appended to by an attacker. As such, code written to this directory, when executed can be attacker controlled.
openapi-generator-online creates insecure temporary folders with File.createTempFile during the code generation process. The insecure temporary folders store the auto-generated files which can be read and appended to by any users on the system.
Vulnerable Code
https://github.com/OpenAPITools/openapi-generator/blob/c6530519975341d7784a252132b2f0854f488901/modules/openapi-generator-online/src/main/java/org/openapitools/codegen/online/service/Generator.java#L184-L187
This vulnerability exists due to a race condition between the deletion of the randomly generated temporary file and the creation of the temporary directory.
File outputFolder = File.createTempFile("codegen-", "-tmp"); // Attacker knows the full path of the file that will be generated
// delete the file that was created
outputFolder.delete(); // Attacker sees file is deleted and begins a race to create their own directory before the code generator
// and make a directory of the same name
// SECURITY VULNERABILITY: Race Condition! - Attacker beats the code generator and now owns this directory
outputFolder.mkdir();
Patches
The issue has been patched by changing the underlying logic to use Files.createTempFile and has been released in the v5.1.0 stable version.
This vulnerability has the same root cause as CVE-2021-21363 from the swagger-api/swagger-codegen project as this project and that one both share the same original source tree.
See: https://github.com/swagger-api/swagger-codegen/security/advisories/GHSA-pc22-3g76-gm6j
For more information
If you have any questions or comments about this advisory: * Open an issue in OpenAPI Generator Github repo * Email us at security@openapitools.org
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.openapitools:openapi-generator-online"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.1.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-21428"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-377",
"CWE-378",
"CWE-379",
"CWE-668"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-10T18:52:04Z",
"nvd_published_at": "2021-05-10T19:15:00Z",
"severity": "CRITICAL"
},
"details": "### Impact\n\nOn Unix like systems, the system\u0027s temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory.\n\nThis vulnerability is local privilege escalation because the contents of the outputFolder can be appended to by an attacker. As such, code written to this directory, when executed can be attacker controlled.\n\nopenapi-generator-online creates insecure temporary folders with `File.createTempFile` during the code generation process. The insecure temporary folders store the auto-generated files which can be read and appended to by any users on the system.\n\n### Vulnerable Code\n\nhttps://github.com/OpenAPITools/openapi-generator/blob/c6530519975341d7784a252132b2f0854f488901/modules/openapi-generator-online/src/main/java/org/openapitools/codegen/online/service/Generator.java#L184-L187\n\nThis vulnerability exists due to a race condition between the deletion of the randomly generated temporary file and the creation of the temporary directory.\n\n```java\nFile outputFolder = File.createTempFile(\"codegen-\", \"-tmp\"); // Attacker knows the full path of the file that will be generated\n// delete the file that was created\noutputFolder.delete(); // Attacker sees file is deleted and begins a race to create their own directory before the code generator\n// and make a directory of the same name\n// SECURITY VULNERABILITY: Race Condition! - Attacker beats the code generator and now owns this directory\noutputFolder.mkdir();\n```\n\n### Patches\nThe issue has been patched by changing the underlying logic to use `Files.createTempFile` and has been released in the v5.1.0 stable version.\n\nThis vulnerability has the same root cause as CVE-2021-21363 from the `swagger-api/swagger-codegen` project as this project and that one both share the same original source tree.\nSee: https://github.com/swagger-api/swagger-codegen/security/advisories/GHSA-pc22-3g76-gm6j\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [OpenAPI Generator Github repo](https://github.com/openAPITools/openapi-generator/)\n* Email us at [security@openapitools.org](mailto:security@openapitools.org)",
"id": "GHSA-23x4-m842-fmwf",
"modified": "2023-06-30T20:30:26Z",
"published": "2021-05-11T00:04:40Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/OpenAPITools/openapi-generator/security/advisories/GHSA-23x4-m842-fmwf"
},
{
"type": "WEB",
"url": "https://github.com/swagger-api/swagger-codegen/security/advisories/GHSA-pc22-3g76-gm6j"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21428"
},
{
"type": "WEB",
"url": "https://github.com/OpenAPITools/openapi-generator/pull/8788"
},
{
"type": "PACKAGE",
"url": "https://github.com/OpenAPITools/openapi-generator"
},
{
"type": "WEB",
"url": "https://github.com/OpenAPITools/openapi-generator/blob/c6530519975341d7784a252132b2f0854f488901/modules/openapi-generator-online/src/main/java/org/openapitools/codegen/online/service/Generator.java#L184-L187"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI-Generator online generator"
}
GHSA-259V-FW35-W989
Vulnerability from github – Published: 2022-04-23 00:40 – Updated: 2022-04-23 00:40golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with predicable name and executes it as shell script.
{
"affected": [],
"aliases": [
"CVE-2012-2666"
],
"database_specific": {
"cwe_ids": [
"CWE-377"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-07-09T11:15:00Z",
"severity": "CRITICAL"
},
"details": "golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with predicable name and executes it as shell script.",
"id": "GHSA-259v-fw35-w989",
"modified": "2022-04-23T00:40:50Z",
"published": "2022-04-23T00:40:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2666"
},
{
"type": "WEB",
"url": "https://github.com/golang/go/commit/8ac275bb01588a8c0e6c0fe2de7fd11f08feccdd"
},
{
"type": "WEB",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=765455"
},
{
"type": "WEB",
"url": "https://codereview.appspot.com/5992078"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210902-0009"
},
{
"type": "WEB",
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2012-2666"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-282V-666C-3FVG
Vulnerability from github – Published: 2023-05-18 18:30 – Updated: 2024-11-22 20:34Insecure Temporary File in GitHub repository huggingface/transformers 4.29.2 and prior. A fix is available at commit 80ca92470938bbcc348e2d9cf4734c7c25cb1c43 and has been released as part of version 4.30.0.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "transformers"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.30.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-2800"
],
"database_specific": {
"cwe_ids": [
"CWE-377"
],
"github_reviewed": true,
"github_reviewed_at": "2023-05-19T13:27:42Z",
"nvd_published_at": "2023-05-18T17:15:08Z",
"severity": "MODERATE"
},
"details": "Insecure Temporary File in GitHub repository huggingface/transformers 4.29.2 and prior. A fix is available at commit 80ca92470938bbcc348e2d9cf4734c7c25cb1c43 and has been released as part of version 4.30.0.",
"id": "GHSA-282v-666c-3fvg",
"modified": "2024-11-22T20:34:48Z",
"published": "2023-05-18T18:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2800"
},
{
"type": "WEB",
"url": "https://github.com/huggingface/transformers/pull/23372"
},
{
"type": "WEB",
"url": "https://github.com/huggingface/transformers/commit/80ca92470938bbcc348e2d9cf4734c7c25cb1c43"
},
{
"type": "PACKAGE",
"url": "https://github.com/huggingface/transformers"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/transformers/PYSEC-2023-299.yaml"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/a3867b4e-6701-4418-8c20-3c6e7084a44a"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "transformers has Insecure Temporary File"
}
GHSA-2CXP-XQ3C-MJXX
Vulnerability from github – Published: 2026-04-22 18:31 – Updated: 2026-07-06 19:50Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-2w8r-9xj7-69j5. This link is maintained to preserve external references.
Original Description
The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back to /tmp when TMPDIR is an empty string, the uutils implementation treats the empty string as a valid path. This causes temporary files to be created in the current working directory (CWD) instead of the intended secure temporary directory. If the CWD is more permissive or accessible to other users than /tmp, it may lead to unintended information disclosure or unauthorized access to temporary data.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "coreutils"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.6.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-377"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-29T22:53:30Z",
"nvd_published_at": "2026-04-22T17:16:36Z",
"severity": "LOW"
},
"details": "### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-2w8r-9xj7-69j5. This link is maintained to preserve external references.\n\n### Original Description\nThe mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back to /tmp when TMPDIR is an empty string, the uutils implementation treats the empty string as a valid path. This causes temporary files to be created in the current working directory (CWD) instead of the intended secure temporary directory. If the CWD is more permissive or accessible to other users than /tmp, it may lead to unintended information disclosure or unauthorized access to temporary data.",
"id": "GHSA-2cxp-xq3c-mjxx",
"modified": "2026-07-06T19:50:32Z",
"published": "2026-04-22T18:31:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35342"
},
{
"type": "WEB",
"url": "https://github.com/uutils/coreutils/pull/10566"
},
{
"type": "WEB",
"url": "https://github.com/uutils/coreutils/commit/eb25ec328b226d8fbbaa4058bf9187165bf06d51"
},
{
"type": "PACKAGE",
"url": "https://github.com/uutils/coreutils"
},
{
"type": "WEB",
"url": "https://github.com/uutils/coreutils/releases/tag/0.6.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Duplicate Advisory: uutils coreutils\u0027 mktemp utility doesn\u0027t properly handle an empty TMPDIR environment variable",
"withdrawn": "2026-07-06T19:50:32Z"
}
GHSA-2H63-R9G4-JVHV
Vulnerability from github – Published: 2026-04-28 15:30 – Updated: 2026-04-28 18:30The Aranda File Server (AFS) component in Aranda Software Aranda Service Desk before 8.3.12 stores daily activity logs with predictable names in a publicly accessible directory, which allows unauthenticated remote attackers to obtain direct virtual paths of uploaded files and bypass access controls to download sensitive documents containing PII.
{
"affected": [],
"aliases": [
"CVE-2025-67223"
],
"database_specific": {
"cwe_ids": [
"CWE-377"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-28T15:16:06Z",
"severity": "HIGH"
},
"details": "The Aranda File Server (AFS) component in Aranda Software Aranda Service Desk before 8.3.12 stores daily activity logs with predictable names in a publicly accessible directory, which allows unauthenticated remote attackers to obtain direct virtual paths of uploaded files and bypass access controls to download sensitive documents containing PII.",
"id": "GHSA-2h63-r9g4-jvhv",
"modified": "2026-04-28T18:30:32Z",
"published": "2026-04-28T15:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67223"
},
{
"type": "WEB",
"url": "https://arandasoft.com/en/productos/aranda-service-management"
},
{
"type": "WEB",
"url": "https://docs.arandasoft.com/at-v8-release-notes/en/pages/release_pdf/file_server.html"
},
{
"type": "WEB",
"url": "https://github.com/brandonperezlara/CVE-2025-67223"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-2MXR-RC97-XRJ2
Vulnerability from github – Published: 2025-12-09 18:30 – Updated: 2025-12-10 00:02An insecure temporary file creation vulnerability exists in the AutoExtract component of Robocode version 1.9.3.6. The createTempFile method fails to securely create temporary files, allowing attackers to exploit race conditions and potentially execute arbitrary code or overwrite critical files. This vulnerability can be exploited by manipulating the temporary file creation process, leading to potential unauthorized actions.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "net.sf.robocode:robocode.battle"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.9.5.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-14307"
],
"database_specific": {
"cwe_ids": [
"CWE-377"
],
"github_reviewed": true,
"github_reviewed_at": "2025-12-10T00:02:37Z",
"nvd_published_at": "2025-12-09T16:17:38Z",
"severity": "CRITICAL"
},
"details": "An insecure temporary file creation vulnerability exists in the AutoExtract component of Robocode version 1.9.3.6. The createTempFile method fails to securely create temporary files, allowing attackers to exploit race conditions and potentially execute arbitrary code or overwrite critical files. This vulnerability can be exploited by manipulating the temporary file creation process, leading to potential unauthorized actions.",
"id": "GHSA-2mxr-rc97-xrj2",
"modified": "2025-12-10T00:02:37Z",
"published": "2025-12-09T18:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14307"
},
{
"type": "WEB",
"url": "https://github.com/robo-code/robocode/pull/68"
},
{
"type": "WEB",
"url": "https://github.com/robo-code/robocode/commit/9f882bba2a9cd91da57c16b98699f8cc9b354f3a"
},
{
"type": "PACKAGE",
"url": "https://github.com/robo-code/robocode"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/R:U/V:D/RE:M/U:Red",
"type": "CVSS_V4"
}
],
"summary": "Robocode has an insecure temporary file creation vulnerability in the AutoExtract component"
}
GHSA-2W8R-9XJ7-69J5
Vulnerability from github – Published: 2026-07-06 19:50 – Updated: 2026-07-06 19:50The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back to /tmp when TMPDIR is an empty string, the uutils implementation treats the empty string as a valid path. This causes temporary files to be created in the current working directory (CWD) instead of the intended secure temporary directory. If the CWD is more permissive or accessible to other users than /tmp, it may lead to unintended information disclosure or unauthorized access to temporary data.
Zellic finding 3.11. Reported in the Zellic uutils coreutils Program Security Assessment (for Canonical, Jan 2026), audited commit 3a07ffc5a9bd4c283e75afa548ba1f1957bad242.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "uu_mktemp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.6.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-35342"
],
"database_specific": {
"cwe_ids": [
"CWE-377"
],
"github_reviewed": true,
"github_reviewed_at": "2026-07-06T19:50:41Z",
"nvd_published_at": null,
"severity": "LOW"
},
"details": "The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back to /tmp when TMPDIR is an empty string, the uutils implementation treats the empty string as a valid path. This causes temporary files to be created in the current working directory (CWD) instead of the intended secure temporary directory. If the CWD is more permissive or accessible to other users than /tmp, it may lead to unintended information disclosure or unauthorized access to temporary data.\n\n---\n_Zellic finding 3.11. Reported in the Zellic *uutils coreutils Program Security Assessment* (for Canonical, Jan 2026), audited commit `3a07ffc5a9bd4c283e75afa548ba1f1957bad242`._",
"id": "GHSA-2w8r-9xj7-69j5",
"modified": "2026-07-06T19:50:41Z",
"published": "2026-07-06T19:50:41Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/uutils/coreutils/security/advisories/GHSA-2w8r-9xj7-69j5"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35342"
},
{
"type": "WEB",
"url": "https://github.com/uutils/coreutils/pull/10566"
},
{
"type": "WEB",
"url": "https://github.com/uutils/coreutils/commit/eb25ec328b226d8fbbaa4058bf9187165bf06d51"
},
{
"type": "PACKAGE",
"url": "https://github.com/uutils/coreutils"
},
{
"type": "WEB",
"url": "https://github.com/uutils/coreutils/releases/tag/0.6.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "mktemp: empty TMPDIR creates temp files in CWD instead of /tmp"
}
GHSA-38H8-X697-GH8Q
Vulnerability from github – Published: 2018-11-09 17:45 – Updated: 2023-09-07 20:13Affected versions of sync-exec use files located in /tmp/ to buffer command results before returning values. As /tmp/ is almost always set with world readable permissions, this may allow low privilege users on the system to read the results of commands run via sync-exec under a higher privilege user.
Recommendation
There is currently no direct patch for sync-exec, as the child_process.execSync function provided in Node.js v0.12.0 and later provides the same functionality natively.
The best mitigation currently is to update to Node.js v0.12.0 or later, and migrate all uses of sync-exec to child_process.execSync().
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "sync-exec"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.6.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2017-16024"
],
"database_specific": {
"cwe_ids": [
"CWE-377"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T20:54:36Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "Affected versions of `sync-exec` use files located in `/tmp/` to buffer command results before returning values. As `/tmp/` is almost always set with world readable permissions, this may allow low privilege users on the system to read the results of commands run via `sync-exec` under a higher privilege user.\n\n\n## Recommendation\n\nThere is currently no direct patch for `sync-exec`, as the `child_process.execSync` function provided in Node.js v0.12.0 and later provides the same functionality natively. \n\nThe best mitigation currently is to update to Node.js v0.12.0 or later, and migrate all uses of `sync-exec` to `child_process.execSync()`.",
"id": "GHSA-38h8-x697-gh8q",
"modified": "2023-09-07T20:13:49Z",
"published": "2018-11-09T17:45:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16024"
},
{
"type": "WEB",
"url": "https://github.com/gvarsanyi/sync-exec/issues/17"
},
{
"type": "WEB",
"url": "https://cwe.mitre.org/data/definitions/377.html"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-38h8-x697-gh8q"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/advisories/310"
},
{
"type": "WEB",
"url": "https://www.owasp.org/index.php/Insecure_Temporary_File"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Tmp files readable by other users in sync-exec"
}
No mitigation information available for this CWE.
CAPEC-149: Explore for Predictable Temporary File Names
An attacker explores a target to identify the names and locations of predictable temporary files for the purpose of launching further attacks against the target. This involves analyzing naming conventions and storage locations of the temporary files created by a target application. If an attacker can predict the names of temporary files they can use this information to mount other attacks, such as information gathering and symlink attacks.
CAPEC-155: Screen Temporary Files for Sensitive Information
An adversary exploits the temporary, insecure storage of information by monitoring the content of files used to store temp data during an application's routine execution flow. Many applications use temporary files to accelerate processing or to provide records of state across multiple executions of the application. Sometimes, however, these temporary files may end up storing sensitive information. By screening an application's temporary files, an adversary might be able to discover such sensitive information. For example, web browsers often cache content to accelerate subsequent lookups. If the content contains sensitive information then the adversary could recover this from the web cache.