Headline
GHSA-qxxc-7mq4-mf79: Java Merge-sort Insecure Temporary File vulnerability
Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider() function in StdTempFileProvider.java, which uses the permissive File.createTempFile() function, exposing temporary file contents.
Java Merge-sort Insecure Temporary File vulnerability
Moderate severity GitHub Reviewed Published Jan 12, 2023 • Updated Jan 12, 2023
Related news
CVE-2022-24913: Snyk Vulnerability Database | Snyk
Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider() function in StdTempFileProvider.java, which uses the permissive File.createTempFile() function, exposing temporary file contents.