Learn about CVE-2021-21428, a critical vulnerability in OpenAPI-Generator that allows the creation of insecure temporary files, potentially compromising the confidentiality, integrity, and availability of the system. Find out the mitigation steps.
OpenAPI Generator is a Java tool that automatically generates API client libraries, server stubs, documentation, and configuration from an OpenAPI Spec. The vulnerability in openapi-generator-online allows insecure temporary folders to be created with File.createTempFile during the code generation process. These insecure temporary folders store auto-generated files that can be read and appended to by any user on the system. The issue has been patched in version 5.1.0.
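
The Java sketch below is an added example, not openapi-generator's code or its patch. It contrasts a temporary folder built from File.createTempFile with one created through Files.createTempDirectory and prints the resulting permissions of each. It assumes the common form of this weakness (a temp file deleted and re-created as a directory); the class name, method names, and the `codegen-demo` prefix are hypothetical.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermissions;

public class TempDirPermissions {
    static final boolean POSIX =
        FileSystems.getDefault().supportedFileAttributeViews().contains("posix");

    // Weak pattern (assumed shape): reserve a name with a temp file, then swap it
    // for a directory. mkdir() leaves access to the process umask instead of
    // restricting it to the owner, and the delete/mkdir gap is a race window.
    static File weakTempDir(String prefix) throws IOException {
        File f = File.createTempFile(prefix, "");
        if (!f.delete() || !f.mkdir()) {
            throw new IOException("could not create directory " + f);
        }
        return f;
    }

    // Hardened form: one atomic call, with owner-only permissions requested
    // explicitly where the file system supports POSIX attributes.
    static Path hardenedTempDir(String prefix) throws IOException {
        if (POSIX) {
            return Files.createTempDirectory(prefix,
                PosixFilePermissions.asFileAttribute(
                    PosixFilePermissions.fromString("rwx------")));
        }
        return Files.createTempDirectory(prefix);
    }

    // Render the directory mode as an "rwxr-xr-x" style string for comparison.
    static String mode(Path dir) throws IOException {
        return POSIX
            ? PosixFilePermissions.toString(Files.getPosixFilePermissions(dir))
            : "(non-POSIX file system)";
    }

    public static void main(String[] args) throws IOException {
        Path weak = weakTempDir("codegen-demo").toPath();   // constructed prefix
        Path hardened = hardenedTempDir("codegen-demo");
        System.out.println("weak:     " + mode(weak) + "  " + weak);
        System.out.println("hardened: " + mode(hardened) + "  " + hardened);
        Files.delete(weak);       // clean up both demo folders
        Files.delete(hardened);
    }
}
```

Running it on a shared Linux host shows whether the first folder is reachable by other accounts under the current umask, which is the check to apply to any code path that still builds temp folders this way.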