Vulnerability Details CVE-2022-24913
Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider() function in StdTempFileProvider.java, which uses the permissive File.createTempFile() function, exposing temporary file contents.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 5.0%
CVSS Severity
CVSS v3 Score 5.5
References
- https://github.com/cowtowncoder/java-merge-sort/commit/450fdee70b5f181c2afc5d817f293efa1a543902
- https://github.com/cowtowncoder/java-merge-sort/pull/21
- https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLUTIL-3227926
- https://github.com/cowtowncoder/java-merge-sort/commit/450fdee70b5f181c2afc5d817f293efa1a543902
- https://github.com/cowtowncoder/java-merge-sort/pull/21
- https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLUTIL-3227926
Products affected by CVE-2022-24913
-
cpe:2.3:a:java-merge-sort_project:java-merge-sort:-
-
cpe:2.3:a:java-merge-sort_project:java-merge-sort:0.5.0
-
cpe:2.3:a:java-merge-sort_project:java-merge-sort:0.5.1
-
cpe:2.3:a:java-merge-sort_project:java-merge-sort:0.5.2
-
cpe:2.3:a:java-merge-sort_project:java-merge-sort:0.5.3
-
cpe:2.3:a:java-merge-sort_project:java-merge-sort:0.6.0
-
cpe:2.3:a:java-merge-sort_project:java-merge-sort:0.7.0
-
cpe:2.3:a:java-merge-sort_project:java-merge-sort:0.7.1
-
cpe:2.3:a:java-merge-sort_project:java-merge-sort:0.7.2
-
cpe:2.3:a:java-merge-sort_project:java-merge-sort:0.8.0
-
cpe:2.3:a:java-merge-sort_project:java-merge-sort:0.8.1
-
cpe:2.3:a:java-merge-sort_project:java-merge-sort:0.9.0
-
cpe:2.3:a:java-merge-sort_project:java-merge-sort:0.9.1
-
cpe:2.3:a:java-merge-sort_project:java-merge-sort:1.0.0
-
cpe:2.3:a:java-merge-sort_project:java-merge-sort:1.0.1
-
cpe:2.3:a:java-merge-sort_project:java-merge-sort:1.0.2