PT-2023-12769 · Com.Fasterxml · Java-Merge-Sort

Jonathan Leitschuh · Published 2023-01-12 · Updated 2025-04-08 · CVE-2022-24913

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

com.fasterxml.util:java-merge-sort versions prior to 1.1.0

Description

The issue is an Insecure Temporary File weakness in the StdTempFileProvider() function, located in StdTempFileProvider.java. This function uses the permissive File.createTempFile() function, which exposes the contents of temporary files.

Recommendations

For versions prior to 1.1.0, update to version 1.1.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the StdTempFileProvider() function until a patch is available.
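For code of your own that follows the same pattern, the contrast between the two temp-file APIs looks like this. This is an added example, not java-merge-sort's code and not the 1.1.0 patch; the class and method names are hypothetical.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Set;

public class TempFileDemo {
    private static final boolean POSIX =
        FileSystems.getDefault().supportedFileAttributeViews().contains("posix");

    // Pattern named in the advisory: java.io.File.createTempFile() sets no
    // explicit permissions, so on POSIX the mode follows the process umask.
    static File legacyTempFile(String prefix, String suffix) throws IOException {
        return File.createTempFile(prefix, suffix);
    }

    // Hardened form: create the file atomically with owner-only permissions.
    static File ownerOnlyTempFile(String prefix, String suffix) throws IOException {
        if (POSIX) {
            Set<PosixFilePermission> rw = PosixFilePermissions.fromString("rw-------");
            return Files.createTempFile(prefix, suffix,
                    PosixFilePermissions.asFileAttribute(rw)).toFile();
        }
        // Non-POSIX file systems: no mode bits to set; rely on the NIO default.
        return Files.createTempFile(prefix, suffix).toFile();
    }

    // True if anyone other than the owner can read the file (POSIX only).
    static boolean readableByOthers(File f) throws IOException {
        if (!POSIX) return false; // cannot be judged from POSIX mode bits
        Set<PosixFilePermission> p = Files.getPosixFilePermissions(f.toPath());
        return p.contains(PosixFilePermission.GROUP_READ)
            || p.contains(PosixFilePermission.OTHERS_READ);
    }

    public static void main(String[] args) throws IOException {
        File legacy = legacyTempFile("sort-demo-", ".tmp");     // constructed names
        File hardened = ownerOnlyTempFile("sort-demo-", ".tmp");
        try {
            System.out.println("File.createTempFile  readable by others: " + readableByOthers(legacy));
            System.out.println("Files.createTempFile readable by others: " + readableByOthers(hardened));
        } finally {
            legacy.delete();
            hardened.delete();
        }
    }
}
```

The result for the legacy call depends on the umask of the process that runs it, so check it under the same account and environment as the application.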

Fix

Weakness Enumeration

Exposure of Resource to Wrong Sphere

Related Identifiers

CVE-2022-24913
GHSA-QXXC-7MQ4-MF79

Affected Products

Java-Merge-Sort