8 lines
558 B
Plaintext
8 lines
558 B
Plaintext
Creating temporary files using insecure methods exposes the application to race conditions on filenames: a malicious user can try to create a file with a predictable name before the application does. A successful attack can result in other files being accessed, modified, corrupted or deleted. This risk is even higher if the application run with elevated permissions.
|
|
|
|
|
|
In the past, it has led to the following vulnerabilities:
|
|
|
|
* https://nvd.nist.gov/vuln/detail/CVE-2014-1858[CVE-2014-1858]
|
|
* https://nvd.nist.gov/vuln/detail/CVE-2014-1932[CVE-2014-1932]
|