| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.apache.storm:storm-core | maven | >= 2.0.0, < 2.6.0 | 2.6.0 |

The vulnerability stems from the use of `File.createTempFile()` in `TopologySpoutLag.java` (line 99), which creates insecure temporary files. The commit diff shows that this call was replaced with `Files.createTempFile()` to fix the permissions. Although other files were also patched, the vulnerability documentation explicitly calls out this class and method as the primary affected component. The default permissions, combined with the shared temp directory, create the exposure vector described in CWE-200.