How severe is CVE-2022-24913?

CVE-2022-24913 has a CVSS v3 score of 5.5 (MEDIUM).

CVE-2022-24913

Name: java-merge-sort
Author: java-merge-sort_project

5.5MEDIUM

Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider() function in StdTempFileProvider.java, which uses the perm

Опубликовано: 1/12/2023Обновлено: 4/8/2025

Описание

Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider() function in StdTempFileProvider.java, which uses the permissive File.createTempFile() function, exposing temporary file contents.

ИИ-АнализНа базе ИИ

Затронутые продукты

java-merge-sort_projectjava-merge-sort

Ссылки

https://github.com/cowtowncoder/java-merge-sort/commit/450fdee70b5f181c2afc5d817f293efa1a543902
PatchThird Party Advisory
https://github.com/cowtowncoder/java-merge-sort/pull/21
PatchThird Party Advisory
https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLUTIL-3227926
Third Party Advisory
https://github.com/cowtowncoder/java-merge-sort/commit/450fdee70b5f181c2afc5d817f293efa1a543902
PatchThird Party Advisory
https://github.com/cowtowncoder/java-merge-sort/pull/21
PatchThird Party Advisory
https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLUTIL-3227926
Third Party Advisory