2 matches found
CVE-2022-24913
Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider function in StdTempFileProvider.java, which uses the permissive File.createTempFile function, exposing temporary file contents...
CVE-2022-24913
CVE-2022-24913 affects com.fasterxml.util:java-merge-sort (versions before 1.1.0). The root cause is an insecure temporary file handling in StdTempFileProvider.java using File.createTempFile(), which can expose temporary file contents (confidentiality impact HIGH). Remediation: upgrade to 1.1.0 o...