Vulnerabilities > CVE-2022-24913 - Exposure of Resource to Wrong Sphere vulnerability in Java-Merge-Sort Project Java-Merge-Sort
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider() function in StdTempFileProvider.java, which uses the permissive File.createTempFile() function, exposing temporary file contents.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://github.com/cowtowncoder/java-merge-sort/commit/450fdee70b5f181c2afc5d817f293efa1a543902
- https://github.com/cowtowncoder/java-merge-sort/commit/450fdee70b5f181c2afc5d817f293efa1a543902
- https://github.com/cowtowncoder/java-merge-sort/pull/21
- https://github.com/cowtowncoder/java-merge-sort/pull/21
- https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLUTIL-3227926
- https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLUTIL-3227926