Common Weakness Enumeration

CWE-379

Allowed

Creation of Temporary File in Directory with Insecure Permissions

Abstraction: Base · Status: Incomplete

The product creates a temporary file in a directory whose permissions allow unintended actors to determine the file's existence or otherwise access that file.

112 vulnerabilities reference this CWE, most recent first.

GHSA-HH2W-28R4-MPW7

Vulnerability from github – Published: 2024-06-11 18:30 – Updated: 2024-08-01 15:31
VLAI
Details

Insecure permissions in Linksys Velop WiFi 5 (WHW01v1) 1.1.13.202617 allows attackers to escalate privileges from Guest to root via a directory traversal.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-36821"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-379",
      "CWE-732"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-11T18:15:13Z",
    "severity": "HIGH"
  },
  "details": "Insecure permissions in Linksys Velop WiFi 5 (WHW01v1) 1.1.13.202617 allows attackers to escalate privileges from Guest to root via a directory traversal.",
  "id": "GHSA-hh2w-28r4-mpw7",
  "modified": "2024-08-01T15:31:48Z",
  "published": "2024-06-11T18:30:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36821"
    },
    {
      "type": "WEB",
      "url": "https://downloads.linksys.com/support/assets/releasenotes/WHW01_VLP01_1.1.13.202617_Customer_Release_Notes.txt"
    },
    {
      "type": "WEB",
      "url": "https://github.com/IvanGlinkin/CVE-2024-36821"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J6MG-G6PW-7WX6

Vulnerability from github – Published: 2022-05-24 17:47 – Updated: 2022-05-24 17:47
VLAI
Details

Adobe Digital Editions version 4.5.11.187245 (and earlier) is affected by a Privilege Escalation vulnerability during installation. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary file system write in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-21100"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-379"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-15T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "Adobe Digital Editions version 4.5.11.187245 (and earlier) is affected by a Privilege Escalation vulnerability during installation. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary file system write in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-j6mg-g6pw-7wx6",
  "modified": "2022-05-24T17:47:41Z",
  "published": "2022-05-24T17:47:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21100"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/Digital-Editions/apsb21-26.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-JFGX-WXX8-MP94

Vulnerability from github – Published: 2026-06-17 13:55 – Updated: 2026-06-17 13:55
VLAI
Summary
Pi Agent: Predictable temporary extension install paths allow local privilege escalation on shared Linux hosts
Details

Predictable temporary extension install paths allow local privilege escalation on shared Linux hosts

Pi versions with temporary npm or git extension package installs used predictable paths under the operating system temporary directory. On Linux-based multi-user systems, a local attacker who can write to the shared temporary directory could prepare the expected package location before another user runs pi with a temporary extension package source. Pi could then load attacker-controlled extension code in the victim user's process.

Info

The vulnerable code path affected temporary extension package sources loaded with --extension or -e, specifically npm and git package sources. The temporary npm install root and temporary git clone paths were deterministic and rooted under os.tmpdir()/pi-extensions. The path was derived from public source information rather than from a per-user private directory or an unpredictable temporary directory.

During resource resolution, pi considered an npm package or git checkout present if the expected package path already existed. Extension resources discovered from that package location were then loaded by the extension loader. Because extensions execute with the same privileges as the invoking pi process, pre-created temporary package contents could execute as the victim user.

The issue primarily affects Linux-based multi-user hosts where the operating system temporary directory is shared across user accounts, such as shared development machines, CI runners, HPC login nodes, and similar environments. On Windows and macOS, the default temporary directory is typically user-scoped, so default configurations are not expected to be affected unless the temporary directory is overridden to a shared writable location.

Impact

A local attacker with access to the same host can exploit this only if a victim runs a vulnerable pi version with a temporary npm or git extension package source that maps to the attacker-prepared location. No network attack path is involved and no race must be won, but victim interaction is required.

Successful exploitation can allow arbitrary extension code execution as the victim user. This can expose or modify files accessible to that user and can also cause denial of service or data loss through malicious package contents or unsafe temporary cache entries.

Affected versions

  • @earendil-works/pi-coding-agent: affected >= 0.74.0, < 0.78.1; patched >= 0.78.1
  • @mariozechner/pi-coding-agent: affected >= 0.50.0, <= 0.73.1; no patched version was released under the old package name. Migrate to @earendil-works/pi-coding-agent >= 0.78.1.

The solution

Version 0.78.1 moves temporary extension package installs to a private per-user directory under ~/.pi/agent/tmp/extensions and enforces 0700 permissions on that directory. The same release also hardens git package source path handling so managed clone paths remain inside their intended install roots.

Recommendations

Upgrade to @earendil-works/pi-coding-agent version 0.78.1 or later. Users of the deprecated @mariozechner/pi-coding-agent package should migrate to the @earendil-works/pi-coding-agent package and upgrade to a fixed version.

On shared Linux hosts, avoid using temporary npm or git extension package sources with vulnerable versions. Review any third-party extensions before loading them, because pi extensions run with full access to the invoking user's account.

Workarounds

If upgrading immediately is not possible, avoid --extension or -e with npm or git package sources on shared Linux systems. As an additional mitigation for vulnerable versions, configure the process temporary directory environment to point at a directory owned by the invoking user with 0700 permissions before starting pi.

Timeline

  • 2026-05-29: Report received
  • 2026-06-02: Fix committed
  • 2026-06-04: Fixed version 0.78.1 released
  • 2026-06-08: Advisory prepared for publication

Credits

Reported by Paul Urian and Cosmin Alexa of CrowdStrike.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@earendil-works/pi-coding-agent"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.74.0"
            },
            {
              "fixed": "0.78.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@mariozechner/pi-coding-agent"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.50.0"
            },
            {
              "last_affected": "0.73.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-54328"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-379"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-17T13:55:13Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "# Predictable temporary extension install paths allow local privilege escalation on shared Linux hosts\n\nPi versions with temporary npm or git extension package installs used predictable paths under the operating system temporary directory. On Linux-based multi-user systems, a local attacker who can write to the shared temporary directory could prepare the expected package location before another user runs pi with a temporary extension package source. Pi could then load attacker-controlled extension code in the victim user\u0027s process.\n\n## Info\n\nThe vulnerable code path affected temporary extension package sources loaded with `--extension` or `-e`, specifically npm and git package sources. The temporary npm install root and temporary git clone paths were deterministic and rooted under `os.tmpdir()/pi-extensions`. The path was derived from public source information rather than from a per-user private directory or an unpredictable temporary directory.\n\nDuring resource resolution, pi considered an npm package or git checkout present if the expected package path already existed. Extension resources discovered from that package location were then loaded by the extension loader. Because extensions execute with the same privileges as the invoking pi process, pre-created temporary package contents could execute as the victim user.\n\nThe issue primarily affects Linux-based multi-user hosts where the operating system temporary directory is shared across user accounts, such as shared development machines, CI runners, HPC login nodes, and similar environments. On Windows and macOS, the default temporary directory is typically user-scoped, so default configurations are not expected to be affected unless the temporary directory is overridden to a shared writable location.\n\n## Impact\n\nA local attacker with access to the same host can exploit this only if a victim runs a vulnerable pi version with a temporary npm or git extension package source that maps to the attacker-prepared location. No network attack path is involved and no race must be won, but victim interaction is required.\n\nSuccessful exploitation can allow arbitrary extension code execution as the victim user. This can expose or modify files accessible to that user and can also cause denial of service or data loss through malicious package contents or unsafe temporary cache entries.\n\n## Affected versions\n\n- `@earendil-works/pi-coding-agent`: affected `\u003e= 0.74.0, \u003c 0.78.1`; patched `\u003e= 0.78.1`\n- `@mariozechner/pi-coding-agent`: affected `\u003e= 0.50.0, \u003c= 0.73.1`; no patched version was released under the old package name. Migrate to `@earendil-works/pi-coding-agent \u003e= 0.78.1`.\n\n## The solution\n\nVersion 0.78.1 moves temporary extension package installs to a private per-user directory under `~/.pi/agent/tmp/extensions` and enforces `0700` permissions on that directory. The same release also hardens git package source path handling so managed clone paths remain inside their intended install roots.\n\n## Recommendations\n\nUpgrade to `@earendil-works/pi-coding-agent` version 0.78.1 or later. Users of the deprecated `@mariozechner/pi-coding-agent` package should migrate to the `@earendil-works/pi-coding-agent` package and upgrade to a fixed version.\n\nOn shared Linux hosts, avoid using temporary npm or git extension package sources with vulnerable versions. Review any third-party extensions before loading them, because pi extensions run with full access to the invoking user\u0027s account.\n\n## Workarounds\n\nIf upgrading immediately is not possible, avoid `--extension` or `-e` with npm or git package sources on shared Linux systems. As an additional mitigation for vulnerable versions, configure the process temporary directory environment to point at a directory owned by the invoking user with `0700` permissions before starting pi.\n\n## Timeline\n\n- 2026-05-29: Report received\n- 2026-06-02: Fix committed\n- 2026-06-04: Fixed version 0.78.1 released\n- 2026-06-08: Advisory prepared for publication\n\n## Credits\n\nReported by Paul Urian and Cosmin Alexa of CrowdStrike.",
  "id": "GHSA-jfgx-wxx8-mp94",
  "modified": "2026-06-17T13:55:13Z",
  "published": "2026-06-17T13:55:13Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/earendil-works/pi/security/advisories/GHSA-jfgx-wxx8-mp94"
    },
    {
      "type": "WEB",
      "url": "https://github.com/earendil-works/pi/pull/5345"
    },
    {
      "type": "WEB",
      "url": "https://github.com/earendil-works/pi/commit/a98e087e5d08ea2a536bf73dbb0aebb87c3ef72e"
    },
    {
      "type": "WEB",
      "url": "https://github.com/earendil-works/pi/commit/ea3465a8e371a12d0167a06b60f93878e3a3df44"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/earendil-works/pi"
    },
    {
      "type": "WEB",
      "url": "https://github.com/earendil-works/pi/releases/tag/v0.78.1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Pi Agent: Predictable temporary extension install paths allow local privilege escalation on shared Linux hosts"
}

GHSA-JMGM-GX32-VP4W

Vulnerability from github – Published: 2025-03-20 12:32 – Updated: 2025-03-21 18:49
VLAI
Summary
LlamaIndex vulnerable to Creation of Temporary File in Directory with Insecure Permissions
Details

A vulnerability in the default_jsonalyzer function of the JSONalyzeQueryEngine in the run-llama/llama_index repository allows for SQL injection via prompt injection. This can lead to arbitrary file creation and Denial-of-Service (DoS) attacks. The vulnerability affects the latest version and is fixed in version 0.12.3.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "llama-index"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.12.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-12911"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-379",
      "CWE-89"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-03-21T18:49:08Z",
    "nvd_published_at": "2025-03-20T10:15:32Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the `default_jsonalyzer` function of the `JSONalyzeQueryEngine` in the run-llama/llama_index repository allows for SQL injection via prompt injection. This can lead to arbitrary file creation and Denial-of-Service (DoS) attacks. The vulnerability affects the latest version and is fixed in version 0.12.3.",
  "id": "GHSA-jmgm-gx32-vp4w",
  "modified": "2025-03-21T18:49:08Z",
  "published": "2025-03-20T12:32:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12911"
    },
    {
      "type": "WEB",
      "url": "https://github.com/run-llama/llama_index/commit/bf282074e20e7dafd5e2066137dcd4cd17c3fb9e"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/run-llama/llama_index"
    },
    {
      "type": "WEB",
      "url": "https://huntr.com/bounties/095f9e67-311d-494c-99c5-5e61a0adb8f3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "LlamaIndex vulnerable to Creation of Temporary File in Directory with Insecure Permissions"
}

GHSA-JXWM-WCQC-FGCC

Vulnerability from github – Published: 2022-05-24 17:44 – Updated: 2022-05-24 17:44
VLAI
Details

Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by a file handling vulnerability that could allow an attacker to cause arbitrary file overwriting. Exploitation of this issue requires physical access and user interaction.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-21068"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-379"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-03-12T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by a file handling vulnerability that could allow an attacker to cause arbitrary file overwriting. Exploitation of this issue requires physical access and user interaction.",
  "id": "GHSA-jxwm-wcqc-fgcc",
  "modified": "2022-05-24T17:44:28Z",
  "published": "2022-05-24T17:44:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21068"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/creative-cloud/apsb21-18.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-MM62-QGR2-384Q

Vulnerability from github – Published: 2022-05-24 19:15 – Updated: 2022-05-24 19:15
VLAI
Details

Adobe Creative Cloud Desktop Application version 5.4 (and earlier) is affected by a file handling vulnerability that could allow an attacker to arbitrarily overwrite a file. Exploitation of this issue requires local access, administrator privileges and user interaction.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-28613"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-379"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-27T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "Adobe Creative Cloud Desktop Application version 5.4 (and earlier) is affected by a file handling vulnerability that could allow an attacker to arbitrarily overwrite a file. Exploitation of this issue requires local access, administrator privileges and user interaction.",
  "id": "GHSA-mm62-qgr2-384q",
  "modified": "2022-05-24T19:15:48Z",
  "published": "2022-05-24T19:15:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28613"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/creative-cloud/apsb21-76.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-MVPH-H5J7-4H2G

Vulnerability from github – Published: 2025-01-14 18:32 – Updated: 2025-05-06 15:30
VLAI
Details

.NET Elevation of Privilege Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-21173"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284",
      "CWE-379"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-14T18:15:30Z",
    "severity": "HIGH"
  },
  "details": ".NET Elevation of Privilege Vulnerability",
  "id": "GHSA-mvph-h5j7-4h2g",
  "modified": "2025-05-06T15:30:54Z",
  "published": "2025-01-14T18:32:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21173"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21173"
    },
    {
      "type": "WEB",
      "url": "https://www.herodevs.com/vulnerability-directory/cve-2025-21173"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P4PQ-252W-Q8GG

Vulnerability from github – Published: 2022-05-24 19:12 – Updated: 2022-10-27 19:00
VLAI
Details

Adobe Captivate version 11.5.5 (and earlier) is affected by an Creation of Temporary File In Directory With Incorrect Permissions vulnerability that could result in privilege escalation in the context of the current user. The attacker must plant a malicious file in a particular location of the victim's machine. Exploitation of this issue requires user interaction in that a victim must launch the Captivate Installer.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-36002"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-379",
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-01T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Adobe Captivate version 11.5.5 (and earlier) is affected by an Creation of Temporary File In Directory With Incorrect Permissions vulnerability that could result in privilege escalation in the context of the current user. The attacker must plant a malicious file in a particular location of the victim\u0027s machine. Exploitation of this issue requires user interaction in that a victim must launch the Captivate Installer.",
  "id": "GHSA-p4pq-252w-q8gg",
  "modified": "2022-10-27T19:00:40Z",
  "published": "2022-05-24T19:12:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36002"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/captivate/apsb21-60.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P6GC-38CF-8626

Vulnerability from github – Published: 2022-05-24 19:06 – Updated: 2022-10-19 12:00
VLAI
Details

Adobe Photoshop Elements version 5.2 (and earlier) is affected by an insecure temporary file creation vulnerability. An unauthenticated attacker could leverage this vulnerability to call functions against the installer to perform high privileged actions. Exploitation of this issue does not require user interaction.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-28597"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-379",
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-28T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Adobe Photoshop Elements version 5.2 (and earlier) is affected by an insecure temporary file creation vulnerability. An unauthenticated attacker could leverage this vulnerability to call functions against the installer to perform high privileged actions. Exploitation of this issue does not require user interaction.",
  "id": "GHSA-p6gc-38cf-8626",
  "modified": "2022-10-19T12:00:23Z",
  "published": "2022-05-24T19:06:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28597"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/photoshop_elements/apsb21-46.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P826-8VHQ-H439

Vulnerability from github – Published: 2021-05-06 15:27 – Updated: 2021-05-19 17:41
VLAI
Summary
Insecure temporary directory usage in frontend build functionality of Vaadin 14 and 15-19
Details

Insecure temporary directory usage in frontend build functionality of com.vaadin:flow-server versions 2.0.9 through 2.5.2 (Vaadin 14.0.3 through Vaadin 14.5.2), 3.0 prior to 6.0 (Vaadin 15 prior to 19), and 6.0.0 through 6.0.5 (Vaadin 19.0.0 through 19.0.4) allows local users to inject malicious code into frontend resources during application rebuilds.

  • https://vaadin.com/security/cve-2021-31411
Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 14.5.2"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "com.vaadin:vaadin-bom"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "14.0.3"
            },
            {
              "fixed": "14.5.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 19.0.2"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "com.vaadin:vaadin-bom"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "15.0.0"
            },
            {
              "fixed": "19.0.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-31411"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-379"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-05-04T17:54:40Z",
    "nvd_published_at": "2021-05-05T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "Insecure temporary directory usage in frontend build functionality of `com.vaadin:flow-server` versions 2.0.9 through 2.5.2 (Vaadin 14.0.3 through Vaadin 14.5.2), 3.0 prior to 6.0 (Vaadin 15 prior to 19), and 6.0.0 through 6.0.5 (Vaadin 19.0.0 through 19.0.4) allows local users to inject malicious code into frontend resources during application rebuilds.\n\n- https://vaadin.com/security/cve-2021-31411",
  "id": "GHSA-p826-8vhq-h439",
  "modified": "2021-05-19T17:41:45Z",
  "published": "2021-05-06T15:27:12Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/vaadin/platform/security/advisories/GHSA-p826-8vhq-h439"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31411"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vaadin/flow/pull/10640"
    },
    {
      "type": "WEB",
      "url": "https://vaadin.com/security/cve-2021-31411"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Insecure temporary directory usage in frontend build functionality of Vaadin 14 and 15-19"
}

Mitigation
Requirements

Many contemporary languages have functions which properly handle this condition. Older C temp file functions are especially susceptible.

Mitigation
Implementation

Try to store sensitive tempfiles in a directory which is not world readable -- i.e., per-user directories.

Mitigation
Implementation

Avoid using vulnerable temp file functions.

No CAPEC attack patterns related to this CWE.