cowtowncoder/java-merge-sort

Releases18

Frequency7 months 4 weeks

Last Release over 3 years ago

Stars89

Basic stand-alone disk-based N-way merge sort component for Java

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2022-24913 ↗	Jan 12, 2023Thursday, 12 January 2023, 05:15	5.5 MEDIUM	—
Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider() function in StdTempFileProvider.java, which uses the permissive File.createTempFile() function, exposing temporary file contents.