How severe is CVE-2022-24913?

CVE-2022-24913 has a CVSS v3 score of 5.5 (MEDIUM).

CVE-2022-24913

Name: java-merge-sort
Author: java-merge-sort_project

5.5MEDIUM

Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider() function in StdTempFileProvider.java, which uses the perm

Publicado: 1/12/2023Actualizado: 4/8/2025

Descripción

Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider() function in StdTempFileProvider.java, which uses the permissive File.createTempFile() function, exposing temporary file contents.

Análisis IAImpulsado por IA

Productos Afectados

java-merge-sort_projectjava-merge-sort

Referencias

https://github.com/cowtowncoder/java-merge-sort/commit/450fdee70b5f181c2afc5d817f293efa1a543902
PatchThird Party Advisory
https://github.com/cowtowncoder/java-merge-sort/pull/21
PatchThird Party Advisory
https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLUTIL-3227926
Third Party Advisory
https://github.com/cowtowncoder/java-merge-sort/commit/450fdee70b5f181c2afc5d817f293efa1a543902
PatchThird Party Advisory
https://github.com/cowtowncoder/java-merge-sort/pull/21
PatchThird Party Advisory
https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLUTIL-3227926
Third Party Advisory