htsjdk is a samtools open source a Java API for high-throughput sequencing data (HTS) format. htsjdk 3.0.1 and previous versions of com.github.samtools has a licensing issue, the vulnerability is due to the createTempDir () function in util/IOUtil, with insecure permissions to create temporary files in a directory, and java does not check for the existence of the temporary directory before attempting to create it, an attacker can exploit the vulnerability to illegally create temporary files.
CPE | Name | Operator | Version |
---|---|---|---|
samtools htsjdk | lt | 3.0.1 |