OESA-2021-1181

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1181
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2021-1181.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2021-1181
Upstream
Published
2021-05-15T11:02:53Z
Modified
2025-09-03T06:17:20.765763Z
Summary
jersey security update
Details

Jersey is the open source JAX-RS (JSR 311) production quality Reference Implementation for building RESTful Web services.

Security Fix(es):

Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contain a local information disclosure vulnerability. This is due to the use of File.createTempFile, which creates a file inside the system temporary directory with the permissions -rw-r--r--. The contents of this file are therefore readable by all other local users on the system. If the contents written are security sensitive, they can be disclosed to other local users. (CVE-2021-28168)

Database specific
{
    "severity": "Medium"
}
References

Affected packages

openEuler:20.03-LTS-SP1 / jersey

Package

Name
jersey
Purl
pkg:rpm/openEuler/jersey&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.28-2.oe1

Ecosystem specific

{
    "src": [
        "jersey-2.28-2.oe1.src.rpm"
    ],
    "noarch": [
        "jersey-2.28-2.oe1.noarch.rpm",
        "jersey-javadoc-2.28-2.oe1.noarch.rpm",
        "jersey-test-framework-2.28-2.oe1.noarch.rpm"
    ]
}