Medium severity5.5NVD Advisory· Published May 1, 2022· Updated Jun 17, 2026
CVE-2022-21230
CVE-2022-21230
Description
This affects all versions of package org.nanohttpd:nanohttpd. Whenever an HTTP Session is parsing the body of an HTTP request, the body of the request is written to a RandomAccessFile when the it is larger than 1024 bytes. This file is created with insecure permissions that allow its contents to be viewed by all users on the host machine. Workaround: Manually specifying the -Djava.io.tmpdir= argument when launching Java to set the temporary directory to a directory exclusively controlled by the current user can fix this issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- nanohttpd/nanohttpddescription
Patches
Vulnerability mechanics
References
4- github.com/JLLeitschuh/security-research/security/advisories/GHSA-2r85-x9cf-8fcgnvdThird Party Advisory
- snyk.io/vuln/SNYK-JAVA-ORGNANOHTTPD-2422798nvdThird Party Advisory
- github.com/NanoHttpd/nanohttpd/blob/efb2ebf85a2b06f7c508aba9eaad5377e3a01e81/core/src/main/java/org/nanohttpd/protocols/http/tempfiles/DefaultTempFile.java%23L58nvdBroken Link
- github.com/NanoHttpd/nanohttpd/blob/efb2ebf85a2b06f7c508aba9eaad5377e3a01e81/core/src/main/java/org/nanohttpd/protocols/http/tempfiles/DefaultTempFileManager.java%23L60nvdBroken Link
News mentions
0No linked articles in our index yet.