This repository has been archived by the owner on May 1, 2024. It is now read-only.

[Security] Information Exposure from GraphQL Dependency #2

Open
Francesco146 opened this issue Aug 9, 2023 · 0 comments
Labels: security (Security related bugs), wontfix (This will not be worked on)

Francesco146 (Owner) commented Aug 9, 2023

⚠️ Security Report

Description

Introduced through the Maven dependency in the pom.xml file:

com.graphql-java-kickstart:[email protected]

In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions.


Additional context

  • More information on the Snyk Report
  • As of version 1.4.21, the vulnerable functions have been marked as deprecated. Due to still being usable, this advisory is kept as "unfixed".
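
A check for whether a build still resolves a Kotlin standard library older than 1.4.21, written as an added example that is not part of the original issue or the project's code. It assumes the affected Maven artifact is org.jetbrains.kotlin:kotlin-stdlib (the issue does not name it) and reads the text output of `mvn dependency:tree`; the sample tree, including PLACEHOLDER-ARTIFACT and its version, is constructed.

```python
import re

FIXED = (1, 4, 21)  # from the report: Kotlin before 1.4.21 is affected
# Assumption: the affected artifact is kotlin-stdlib (not named in the issue).
TARGET = "org.jetbrains.kotlin:kotlin-stdlib"

# One node of `mvn dependency:tree` output: 3-character tree prefixes
# ("|  ", "+- ", "\- ", "   ") followed by colon-separated coordinates.
NODE = re.compile(
    r"^\[INFO\] (?P<indent>(?:[|+\\ ][- ] )*)"
    r"(?P<coord>[\w.\-]+(?::[\w.\-]+){3,5})\s*$"
)

# Constructed sample output; artifact name and versions are placeholders.
SAMPLE_TREE = r"""
[INFO] --- maven-dependency-plugin:tree (default-cli) @ demo ---
[INFO] com.example:demo:jar:0.0.1-SNAPSHOT
[INFO] +- com.graphql-java-kickstart:PLACEHOLDER-ARTIFACT:jar:0.0.0:compile
[INFO] |  \- org.jetbrains.kotlin:kotlin-stdlib:jar:1.3.70:compile
[INFO] \- com.example:other-lib:jar:2.0.0:compile
[INFO] BUILD SUCCESS
"""


def find_vulnerable_kotlin(tree_text):
    """Return [(version, path from root to kotlin-stdlib)] for versions < FIXED."""
    findings, stack = [], []
    for line in tree_text.splitlines():
        m = NODE.match(line)
        if not m:
            continue  # banner, blank and summary lines
        depth = len(m.group("indent")) // 3
        parts = m.group("coord").split(":")
        name = ":".join(parts[:2])
        del stack[depth:]  # drop siblings and deeper nodes already visited
        stack.append(name)
        if name != TARGET:
            continue
        # Root is group:artifact:type:version; dependencies end with a scope.
        version = parts[-1] if depth == 0 else parts[-2]
        nums = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version)
        # Only the numeric part is compared; qualifiers such as -RC are ignored.
        if nums and tuple(int(n or 0) for n in nums.groups()) < FIXED:
            findings.append((version, list(stack)))
    return findings


if __name__ == "__main__":
    for version, path in find_vulnerable_kotlin(SAMPLE_TREE):
        print(f"kotlin-stdlib {version} via " + " -> ".join(path))
```

The returned path shows which direct dependency pulls in the old standard library, which is the one to upgrade or to override with a managed Kotlin version.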