5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.0004 Low
EPSS
Percentile
15.5%
Versions of the package com.fasterxml.util:java-merge-sort
before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider()
function in StdTempFileProvider.java
, which uses the permissive File.createTempFile()
function, exposing temporary file contents.
CPE | Name | Operator | Version |
---|---|---|---|
com.fasterxml.util:java-merge-sort | lt | 1.1.0 |