1. Home
  2. Vulnerabilities
  3. CVE-2022-24913

CVE-2022-24913

CVSS v3.1 5.5 (Medium)
55% Progress
EPSS 0.05 % (18th)
0.05% Progress
Affected Products 1
Advisories 1
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Graph Web & Social Timeline

Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider() function in StdTempFileProvider.java, which uses the permissive File.createTempFile() function, exposing temporary file contents.

Weaknesses
CWE-377
Insecure Temporary File
CWE-668
Exposure of Resource to Wrong Sphere
CVE Status
PUBLISHED
CNA
Snyk
Published Date
2023-01-12 05:15:11
(20 months ago)
Updated Date
2023-11-07 03:44:41
(10 months ago)

Affected Products

Java-merge-sort Project

Configuration #1

    CPE23 From Up To
  Java-merge-sort Project Java-merge-sort prior 1.1.0 version cpe:2.3:a:java-merge-sort_project:java-merge-sort < 1.1.0