The vulnerability is explicitly attributed to the StdTempFileProvider() function's use of File.createTempFile() in the advisory. The commit diff confirms the vulnerable code was located in the provide() method of StdTempFileProvider.java, where File.createTempFile() was replaced with the secure Files.createTempFile(). The CWE-377 classification directly maps to the insecure temporary file creation pattern demonstrated here.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| com.fasterxml.util:java-merge-sort | maven | < 1.1.0 | 1.1.0 |