How severe is CVE-2022-24913?

CVE-2022-24913 has a CVSS v3 score of 5.5 (MEDIUM).

CVE-2022-24913

Name: java-merge-sort
Author: java-merge-sort_project

5.5MEDIUM

Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider() function in StdTempFileProvider.java, which uses the perm

Publicado: 1/12/2023Atualizado: 4/8/2025

Descrição

Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider() function in StdTempFileProvider.java, which uses the permissive File.createTempFile() function, exposing temporary file contents.

Análise IADesenvolvido por IA

Produtos Afetados

java-merge-sort_projectjava-merge-sort

Referências

https://github.com/cowtowncoder/java-merge-sort/commit/450fdee70b5f181c2afc5d817f293efa1a543902
PatchThird Party Advisory
https://github.com/cowtowncoder/java-merge-sort/pull/21
PatchThird Party Advisory
https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLUTIL-3227926
Third Party Advisory
https://github.com/cowtowncoder/java-merge-sort/commit/450fdee70b5f181c2afc5d817f293efa1a543902
PatchThird Party Advisory
https://github.com/cowtowncoder/java-merge-sort/pull/21
PatchThird Party Advisory
https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLUTIL-3227926
Third Party Advisory