Insecure Temporary File Exposure in com.fasterxml.util:java-merge-sort (before 1.1.0)

Insecure Temporary File Exposure in com.fasterxml.util:java-merge-sort (before 1.1.0)

CVE-2022-24913 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider() function in StdTempFileProvider.java, which uses the permissive File.createTempFile() function, exposing temporary file contents.

Learn more about our Web Application Penetration Testing UK.