Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider() function in StdTempFileProvider.java, which uses the permissive File.createTempFile() function, exposing temporary file contents.
{
"cwe_ids": [
"CWE-377"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/24xxx/CVE-2022-24913.json",
"cna_assigner": "snyk"
}{
"cpe": "cpe:2.3:a:java-merge-sort_project:java-merge-sort:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "1.1.0"
}
],
"source": [
"CPE_RANGE",
"REFERENCES"
]
}