CVE-2022-24913

Java Merge-sort Insecure Temporary File vulnerability in maven/com.fasterxml.util/java-merge-sort

Identifiers

CVE-2022-24913, GHSA-qxxc-7mq4-mf79

Package Slug

maven/com.fasterxml.util/java-merge-sort

Vulnerability

Java Merge-sort Insecure Temporary File vulnerability

Description

Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider() function in StdTempFileProvider.java, which uses the permissive File.createTempFile() function, exposing temporary file contents.
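
The difference between the permissive call named above and an owner-only alternative, as an added example (not code from java-merge-sort or its 1.1.0 release). The class name, method names and the "sort-" prefix are hypothetical; the example assumes a JDK 8+ runtime and prints the resulting file modes on POSIX hosts.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Set;

public class TempFileDemo {
    static final boolean POSIX =
        FileSystems.getDefault().supportedFileAttributeViews().contains("posix");

    // Weak pattern named in the advisory: the file mode is left to the process
    // umask, so on a typical Unix host other local users can read the file.
    static File legacyTempFile(String prefix, String suffix) throws IOException {
        return File.createTempFile(prefix, suffix);
    }

    // Hardened pattern: request owner-only access at creation time.
    static Path privateTempFile(String prefix, String suffix) throws IOException {
        if (POSIX) {
            FileAttribute<Set<PosixFilePermission>> ownerOnly =
                PosixFilePermissions.asFileAttribute(
                    PosixFilePermissions.fromString("rw-------"));
            return Files.createTempFile(prefix, suffix, ownerOnly);
        }
        // Non-POSIX file systems: fall back to the platform default.
        return Files.createTempFile(prefix, suffix);
    }

    // Render the mode string (e.g. rw-r--r--) so the two files can be compared.
    static String mode(Path p) throws IOException {
        if (!POSIX) return "(non-POSIX file system)";
        return PosixFilePermissions.toString(Files.getPosixFilePermissions(p));
    }

    public static void main(String[] args) throws IOException {
        File weak = legacyTempFile("sort-", ".tmp");     // constructed sample name
        Path strong = privateTempFile("sort-", ".tmp");
        try {
            System.out.println("File.createTempFile  -> " + mode(weak.toPath()));
            System.out.println("Files.createTempFile -> " + mode(strong));
        } finally {
            Files.deleteIfExists(weak.toPath());
            Files.deleteIfExists(strong);
        }
    }
}
```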

Affected Versions

All versions before 1.1.0

Solution

Upgrade to version 1.1.0 or above.

Last Modified

2023-01-13
