How severe is CVE-2022-24913?

CVE-2022-24913 has a CVSS v3 score of 5.5 (MEDIUM).

CVE-2022-24913

Name: java-merge-sort
Author: java-merge-sort_project

5.5MEDIUM

Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider() function in StdTempFileProvider.java, which uses the perm

发布于: 1/12/2023更新于: 4/8/2025

描述

Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider() function in StdTempFileProvider.java, which uses the permissive File.createTempFile() function, exposing temporary file contents.

AI分析AI驱动

受影响产品

java-merge-sort_projectjava-merge-sort

参考资料

https://github.com/cowtowncoder/java-merge-sort/commit/450fdee70b5f181c2afc5d817f293efa1a543902
PatchThird Party Advisory
https://github.com/cowtowncoder/java-merge-sort/pull/21
PatchThird Party Advisory
https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLUTIL-3227926
Third Party Advisory
https://github.com/cowtowncoder/java-merge-sort/commit/450fdee70b5f181c2afc5d817f293efa1a543902
PatchThird Party Advisory
https://github.com/cowtowncoder/java-merge-sort/pull/21
PatchThird Party Advisory
https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLUTIL-3227926
Third Party Advisory