CVE-2022-24913

Summary

Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider() function in StdTempFileProvider.java, which uses the permissive File.createTempFile() function, exposing temporary file contents.

Affected Software

VendorProductVersion RangeStatus
n/acom.fasterxml.util:java-merge-sort0 < 1.1.0affected

Weaknesses

  • CWE-377: Insecure Temporary File

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References