CVE-2022-24913

CVE-2022-24913, GHSA-qxxc-7mq4-mf79

maven/com.fasterxml.util/java-merge-sort

Java Merge-sort Insecure Temporary File vulnerability

Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 is vulnerable to Insecure Temporary File in the StdTempFileProvider() function in StdTempFileProvider.java, which uses the permissive File.createTempFile() function, exposing temporary file contents.

All versions before 1.1.0

Upgrade to version 1.1.0 or above.

2023-01-13