CVE-2022-24913

Description

Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider() function in StdTempFileProvider.java, which uses the permissive File.createTempFile() function, exposing temporary file contents.

CVSS Version 3.1

nvd

CVE ID: CVE-2022-24913
Base Score: 5.5
Base Severity: MEDIUM
Vector String:CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Impact Score: 3.6
Exploitability Score: 1.8

snyk

CVE ID: CVE-2022-24913
Base Score: 5.5
Base Severity: MEDIUM
Vector String:CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Impact Score: 3.6
Exploitability Score: 1.8

Refrence: NVDMITRE