Lucene search
China National Vulnerability DatabaseCNVD-2022-85323HistoryDec 01, 2022 - 12:00 a.m.
samtools htsjdk license issue vulnerability
2022-12-0100:00:00
China National Vulnerability Database
www.cnvd.org.cn
8
htsjdk
samtools
java api
high-throughput sequencing data format
licensing issue
createtempdir
insecure permissions
temporary files
directory
vulnerability
exploit
0.0005 Low
EPSS
Percentile
17.9%
htsjdk is a samtools open source a Java API for high-throughput sequencing data (HTS) format. htsjdk 3.0.1 and previous versions of com.github.samtools has a licensing issue, the vulnerability is due to the createTempDir () function in util/IOUtil, with insecure permissions to create temporary files in a directory, and java does not check for the existence of the temporary directory before attempting to create it, an attacker can exploit the vulnerability to illegally create temporary files.
| CPE | Name | Operator | Version |
|---|---|---|---|
| samtools htsjdk | lt | 3.0.1 |
Related
ubuntucve
ubuntucve
CVE-2022-21126
2022-11-29 00:00:00
github
github
HTSJDK is vulnerable to exposure of resource(s) to the wrong sphere
2022-11-29 18:30:18
cve
cve
CVE-2022-21126
2022-11-29 17:15:11
nvd
nvd
CVE-2022-21126
2022-11-29 17:15:11
osv
osv
CVE-2022-21126
2022-11-29 17:15:11
HTSJDK is vulnerable to exposure of resource(s) to the wrong sphere
2022-11-29 18:30:18
veracode
veracode
Information Disclosure
2022-12-01 15:16:15
cvelist
cvelist
prion
prion
Directory traversal
2022-11-29 17:15:00