HTSJDK is vulnerable to exposure of resource(s) to the wrong sphere

2022-11-2918:30:18

Google

osv.dev

exposure

resource

vulnerability

temporary file

insecure permissions

directory

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0005 Low

EPSS

Percentile

17.9%

JSON

The package com.github.samtools:htsjdk before 3.0.1 are vulnerable to Creation of Temporary File in Directory with Insecure Permissions due to the createTempDir() function in util/IOUtil.java not checking for the existence of the temporary directory before attempting to create it.

CPENameOperatorVersion
com.github.samtools:htsjdkeq2.20.3
com.github.samtools:htsjdkeq2.21.2
com.github.samtools:htsjdkeq2.4.0
com.github.samtools:htsjdkeq2.24.1
com.github.samtools:htsjdkeq2.20.2
com.github.samtools:htsjdkeq2.18.0
com.github.samtools:htsjdkeq2.22.0
com.github.samtools:htsjdkeq2.1.0
com.github.samtools:htsjdkeq2.18.2
com.github.samtools:htsjdkeq2.6.0

Name	Operator	Version
com.github.samtools:htsjdk	eq	2.20.3
com.github.samtools:htsjdk	eq	2.21.2
com.github.samtools:htsjdk	eq	2.4.0
com.github.samtools:htsjdk	eq	2.24.1
com.github.samtools:htsjdk	eq	2.20.2
com.github.samtools:htsjdk	eq	2.18.0
com.github.samtools:htsjdk	eq	2.22.0
com.github.samtools:htsjdk	eq	2.1.0
com.github.samtools:htsjdk	eq	2.18.2
com.github.samtools:htsjdk	eq	2.6.0