Vulnerability Details CVE-2022-24913
Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider() function in StdTempFileProvider.java, which uses the permissive File.createTempFile() function, exposing temporary file contents.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 15.1%
CVSS Severity
CVSS v3 Score 5.5
Products affected by CVE-2022-24913
-
cpe:2.3:a:java-merge-sort_project:java-merge-sort:-
-
cpe:2.3:a:java-merge-sort_project:java-merge-sort:0.5.0
-
cpe:2.3:a:java-merge-sort_project:java-merge-sort:0.5.1
-
cpe:2.3:a:java-merge-sort_project:java-merge-sort:0.5.2
-
cpe:2.3:a:java-merge-sort_project:java-merge-sort:0.5.3
-
cpe:2.3:a:java-merge-sort_project:java-merge-sort:0.6.0
-
cpe:2.3:a:java-merge-sort_project:java-merge-sort:0.7.0
-
cpe:2.3:a:java-merge-sort_project:java-merge-sort:0.7.1
-
cpe:2.3:a:java-merge-sort_project:java-merge-sort:0.7.2
-
cpe:2.3:a:java-merge-sort_project:java-merge-sort:0.8.0
-
cpe:2.3:a:java-merge-sort_project:java-merge-sort:0.8.1
-
cpe:2.3:a:java-merge-sort_project:java-merge-sort:0.9.0
-
cpe:2.3:a:java-merge-sort_project:java-merge-sort:0.9.1
-
cpe:2.3:a:java-merge-sort_project:java-merge-sort:1.0.0
-
cpe:2.3:a:java-merge-sort_project:java-merge-sort:1.0.1
-
cpe:2.3:a:java-merge-sort_project:java-merge-sort:1.0.2