CVE-2023-33251 Information

Description

When Akka HTTP before 10.5.2 accepts file uploads via the FileUploadDirectives.fileUploadAll directive the temporary file it creates has too weak permissions: it is readable by other users on Linux or UNIX a similar issue to CVE-2022-41946.

Reference

https://akka.io/security/akka-http-cve-2023-05-15.html