CVE-2022-24913
5.5MEDIUMVersions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider() function in StdTempFileProvider.java, which uses the perm
게시됨: 1/12/2023업데이트됨: 4/8/2025
설명
Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider() function in StdTempFileProvider.java, which uses the permissive File.createTempFile() function, exposing temporary file contents.
AI 분석AI 기반
영향받는 제품
java-merge-sort_projectjava-merge-sort
참조
- https://github.com/cowtowncoder/java-merge-sort/commit/450fdee70b5f181c2afc5d817f293efa1a543902PatchThird Party Advisory
- https://github.com/cowtowncoder/java-merge-sort/pull/21PatchThird Party Advisory
- https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLUTIL-3227926Third Party Advisory
- https://github.com/cowtowncoder/java-merge-sort/commit/450fdee70b5f181c2afc5d817f293efa1a543902PatchThird Party Advisory
- https://github.com/cowtowncoder/java-merge-sort/pull/21PatchThird Party Advisory
- https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLUTIL-3227926Third Party Advisory