CVE-2022-21126

Summary

The package com.github.samtools:htsjdk before 3.0.1 are vulnerable to Creation of Temporary File in Directory with Insecure Permissions due to the createTempDir() function in util/IOUtil.java not checking for the existence of the temporary directory before attempting to create it.

Affected Software

VendorProductVersion RangeStatus
n/acom.github.samtools:htsjdkunspecified < 3.0.1affected

Weaknesses

  • Creation of Temporary File in Directory with Insecure Permissions

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References