CVE-2022-24913

Description

Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider() function in StdTempFileProvider.java, which uses the permissive File.createTempFile() function, exposing temporary file contents.

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics