-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI
JavaJavaMiggo AIRoot Cause AnalysisThe vulnerability stems from the use of File.createTempFile() in FileUtil.createTempFile. This method creates temporary files with predictable names and default permissions that may be accessible to other users (CWE-377, CWE-732). The patch replaced this with PathUtil.createTempFile(), which uses Files.createTempFile() with safer permissions. The commit diff explicitly shows the removal of File.createTempFile() in favor of a more secure alternative, confirming this as the root cause.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| cn.hutool:hutool-core | maven | < 5.8.19 | 5.8.19 |
Ongoing coverage of React2Shell