Vulnerabilities (CVE)

Filtered by vendor Java-merge-sort Project Subscribe
Filtered by product Java-merge-sort
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-24913 1 Java-merge-sort Project 1 Java-merge-sort 2024-11-21 N/A 5.5 MEDIUM
Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider() function in StdTempFileProvider.java, which uses the permissive File.createTempFile() function, exposing temporary file contents.