CVE-2022-24913
5.5MEDIUMVersions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider() function in StdTempFileProvider.java, which uses the perm
Published: 1/12/2023Updated: 4/8/2025
Description
Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider() function in StdTempFileProvider.java, which uses the permissive File.createTempFile() function, exposing temporary file contents.
AI AnalysisPowered by AI
Affected Products
java-merge-sort_projectjava-merge-sort
References
- https://github.com/cowtowncoder/java-merge-sort/commit/450fdee70b5f181c2afc5d817f293efa1a543902PatchThird Party Advisory
- https://github.com/cowtowncoder/java-merge-sort/pull/21PatchThird Party Advisory
- https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLUTIL-3227926Third Party Advisory
- https://github.com/cowtowncoder/java-merge-sort/commit/450fdee70b5f181c2afc5d817f293efa1a543902PatchThird Party Advisory
- https://github.com/cowtowncoder/java-merge-sort/pull/21PatchThird Party Advisory
- https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLUTIL-3227926Third Party Advisory