CVE-2022-24913

Published: 2023-01-12T05:15Z

Last Modified: 2025-04-08T18:15Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider() function in StdTempFileProvider.java, which uses the permissive File.createTempFile() function, exposing temporary file contents. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt