14 matches found
EUVD-2023-0537
Malicious code in bioql PyPI...
CVE-2022-24913
Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider function in StdTempFileProvider.java, which uses the permissive File.createTempFile function, exposing temporary file contents...
Information Disclosure
java-merge-sort is vulnerable to information disclosure. The vulnerability exists because the File.createTempFile in the provide function of StdTempFileProvider.java does not properly set the correct POSIX permissions, allowing an attacker to gain sensitive information through the temporary file...
at.molindo:esi4j (>=0.3.0 <=3.0.2), at.molindo:scrutineer (>=2.0.0 <=3.0.0) +9 more potentially affected by CVE-2022-24913 via com.fasterxml.util:java-merge-sort (>=0.7.1 <=1.0.2)
com.fasterxml.util:java-merge-sort MAVEN version =0.7.1, =0.3.0, =2.0.0, =1.0.3, =2.3.0, =0.5.3, =0.5.3, =0.9.0, =0.5.3, =0.5.3, =0.9.0, =1.0.2, =1.0.4 Source cves: CVE-2022-24913 Source advisory: OSV:GHSA-QXXC-7MQ4-MF79...
GHSA-QXXC-7MQ4-MF79 Java Merge-sort Insecure Temporary File vulnerability
Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider function in StdTempFileProvider.java, which uses the permissive File.createTempFile function, exposing temporary file contents...
CVE-2022-24913
Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider function in StdTempFileProvider.java, which uses the permissive File.createTempFile function, exposing temporary file contents...
Session fixation
Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider function in StdTempFileProvider.java, which uses the permissive File.createTempFile function, exposing temporary file contents...
CVE-2022-24913
CVE-2022-24913 affects com.fasterxml.util:java-merge-sort (versions before 1.1.0). The root cause is an insecure temporary file handling in StdTempFileProvider.java using File.createTempFile(), which can expose temporary file contents (confidentiality impact HIGH). Remediation: upgrade to 1.1.0 o...
CVE-2022-24913
Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider function in StdTempFileProvider.java, which uses the permissive File.createTempFile function, exposing temporary file contents...
CVE-2022-24913
Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider function in StdTempFileProvider.java, which uses the permissive File.createTempFile function, exposing temporary file contents...
java-merge-sort 安全漏洞
java-merge-sort is a basic standalone disk-based N-way merge-sort component for Java. A security vulnerability exists in java-merge-sort versions prior to 1.1.0, which stems from an insecure temporary file vulnerability in the StdTempFileProvider function in StdTempFileProvider.java, which allows...
PT-2023-12769 · Com.Fasterxml · Java-Merge-Sort
Name of the Vulnerable Software and Affected Versions: com.fasterxml.util:java-merge-sort versions prior to 1.1.0 Description: The issue is related to an Insecure Temporary File in the StdTempFileProvider function, located in StdTempFileProvider.java. This function utilizes the permissive...
at.molindo:esi4j (>=3.0.0 <=3.0.2), at.molindo:scrutineer (=3.0.0) +9 more potentially affected by CVE-2022-24913 via com.fasterxml.util:java-merge-sort (>=1.0.0 <=1.0.2)
com.fasterxml.util:java-merge-sort MAVEN version =1.0.0, =3.0.0, =6.5.0, =2.3.0, =0.5.3, =0.5.3, =0.9.0, =0.5.3, =0.5.3, =0.9.0, =1.0.2, =1.0.4 Source cves: CVE-2022-24913 Source advisory: SNYK:JAVA-COMFASTERXMLUTIL-3227926...
Insecure Temporary File
Overview com.fasterxml.util:java-merge-sort is a package for basic configurable disk-backed N-way merge sort Affected versions of this package are vulnerable to Insecure Temporary File. in the StdTempFileProvider function in StdTempFileProvider.java, which uses the permissive File.createTempFile...