This repository was archived by the owner on May 1, 2024. It is now read-only.

[Security] Information Exposure from GraphQL Dependency #2

@Francesco146

⚠️ Security Report

Description

Introduced through the Maven dependency in the pom.xml file:

com.graphql-java-kickstart:[email protected]

In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions.


Additional context

  • More information on the Snyk Report
  • As of version 1.4.21, the vulnerable functions have been marked as deprecated. Due to still being usable, this advisory is kept as "unfixed".
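
The insecure temporary-file pattern this report describes, next to an owner-only replacement, as an added Kotlin example (not code from this repository or from the Snyk report). It assumes the deprecated functions are `kotlin.io.createTempFile` and `kotlin.io.createTempDir`, which build on `java.io.File`; the function names and file prefixes below are illustrative.

```kotlin
import java.io.File
import java.nio.file.FileSystems
import java.nio.file.Files
import java.nio.file.Path
import java.nio.file.attribute.PosixFilePermissions

// True when the default filesystem exposes POSIX permission bits.
val posix: Boolean = "posix" in FileSystems.getDefault().supportedFileAttributeViews()

// Legacy pattern: java.io.File-based creation leaves the mode to the process
// umask, so other local users can often read the file in the shared temp dir.
fun legacyTempFile(): File = File.createTempFile("export-", ".tmp")

// Hardened pattern: on POSIX the owner-only mode is requested explicitly at
// creation time, so it never depends on the umask or on library defaults.
fun ownerOnlyTempFile(): Path =
    if (posix) {
        val ownerRw = PosixFilePermissions.fromString("rw-------")
        Files.createTempFile("export-", ".tmp", PosixFilePermissions.asFileAttribute(ownerRw))
    } else {
        // Non-POSIX filesystem: passing a POSIX attribute would throw, so rely on the platform default.
        Files.createTempFile("export-", ".tmp")
    }

// Same idea for directories: owner-only, created in a single JDK call.
fun ownerOnlyTempDir(): Path =
    if (posix) {
        val ownerRwx = PosixFilePermissions.fromString("rwx------")
        Files.createTempDirectory("work-", PosixFilePermissions.asFileAttribute(ownerRwx))
    } else {
        Files.createTempDirectory("work-")
    }

// Render the permission string, or a marker where POSIX bits do not exist.
fun mode(p: Path): String =
    if (posix) PosixFilePermissions.toString(Files.getPosixFilePermissions(p)) else "n/a (non-POSIX)"

fun main() {
    val legacy = legacyTempFile().toPath()
    val safeFile = ownerOnlyTempFile()
    val safeDir = ownerOnlyTempDir()
    try {
        println("java.io.File.createTempFile -> ${mode(legacy)}")
        println("Files.createTempFile        -> ${mode(safeFile)}")
        println("Files.createTempDirectory   -> ${mode(safeDir)}")
    } finally {
        listOf(legacy, safeFile, safeDir).forEach { Files.deleteIfExists(it) }
    }
}
```

Running it on a multi-user Linux or macOS host shows whether the legacy call leaves group or other read bits set under the current umask.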

Labels: security (Security related bugs), wontfix (This will not be worked on)
