MidnightBSD

Advisories for java-merge-sort_project

CVE-2022-24913

Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider() function in StdTempFileProvider.java, which uses the permissive File.createTempFile() function, exposing temporary file contents.

Products Affected

Vendor Product Version
java-merge-sort_project java-merge-sort *