CVE-2022-24913

Medium

Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the…

snyk·CWE-377·Published 2023-01-12

CVSS

5.5

EPSS

0.00

KEV

Exploits

cve.orgen

272 chars

Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider() function in StdTempFileProvider.java, which uses the permissive File.createTempFile() function, exposing temporary file contents.

NVDen

272 chars

OSV.deven

280 chars

Versions of the package `com.fasterxml.util:java-merge-sort` before 1.1.0 are vulnerable to Insecure Temporary File in the `StdTempFileProvider()` function in `StdTempFileProvider.java`, which uses the permissive `File.createTempFile()` function, exposing temporary file contents.

GHSAen

280 chars

NVDes

296 chars

Las versiones del paquete com.fasterxml.util:java-merge-sort anteriores a 1.1.0 son vulnerables a archivos temporales inseguros en la función StdTempFileProvider() en StdTempFileProvider.java, que utiliza la función permisiva File.createTempFile(), exponiendo el contenido de un archivo temporal.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	5.5	—	—	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
3.1	Primary	NVD	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
3.1	Primary	cve.org	5.5	—	—	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
3.1	Secondary	NVD	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
3.1	Secondary	GHSA	5.5	—	—	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N