CVE-2022-21126
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-21126
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-21126.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-21126
- Aliases
- Downstream
- Published
- 2022-11-29T17:15:11.043Z
- Modified
- 2025-11-14T12:50:29.300119Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The package com.github.samtools:htsjdk before 3.0.1 are vulnerable to Creation of Temporary File in Directory with Insecure Permissions due to the createTempDir() function in util/IOUtil.java not checking for the existence of the temporary directory before attempting to create it.
- References
Affected packages
Git / github.com/samtools/htsjdk
Affected ranges
- Type
- GIT
- Repo
- https://github.com/samtools/htsjdk
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
1.*
1.113
1.114
1.115
1.116
1.117
1.118
1.119
1.120
1.121
1.122
1.123
1.124
1.125
1.126
1.127
1.128
1.129
1.130
1.131
1.133
1.134
1.135
1.136
1.137
1.138
1.139
1.140
1.141
1.142
2.*
2.0.0
2.0.1
2.1.0
2.1.1
2.10.0
2.10.1
2.11.0
2.12.0
2.13.0
2.13.1
2.13.2
2.14.0
2.14.1
2.14.2
2.14.3
2.15.0
2.16.0
2.16.1
2.17.0
2.18.0
2.18.1
2.18.2
2.19.0
2.2.0
2.2.1
2.2.2
2.2.3
2.2.4
2.20.0
2.20.1
2.20.2
2.20.3
2.21.0
2.21.1
2.21.2
2.22.0
2.23.0
2.24.0
2.24.1
2.3.0
2.3.0_buildhotfix
2.4.0
2.4.1
2.5.0
2.5.1
2.6.0
2.6.1
2.7.0
2.8.0
2.8.1
2.9.0
2.9.1
3.*
3.0.0
Database specific
vanir_signatures
[
{
"digest": {
"line_hashes": [
"190243121404175968556898503944779845338",
"172682995083196134213455740128378881106",
"202027173843825547381830007852381107615",
"149266121814263730027278577536837126360"
],
"threshold": 0.9
},
"target": {
"file": "src/test/java/htsjdk/variant/vcf/VCFMergerTest.java"
},
"deprecated": false,
"id": "CVE-2022-21126-099dc90a",
"signature_version": "v1",
"source": "https://github.com/samtools/htsjdk/commit/4a4024a97ee3e87096df6ad9b22c8260bd527772",
"signature_type": "Line"
},
{
"digest": {
"length": 351.0,
"function_hash": "322865586794886201324158307633405525302"
},
"target": {
"file": "src/test/java/htsjdk/samtools/util/IOUtilTest.java",
"function": "createLocalFiles"
},
"deprecated": false,
"id": "CVE-2022-21126-09d0c151",
"signature_version": "v1",
"source": "https://github.com/samtools/htsjdk/commit/4a4024a97ee3e87096df6ad9b22c8260bd527772",
"signature_type": "Function"
},
{
"digest": {
"length": 1193.0,
"function_hash": "132626813690223609058003109484158721477"
},
"target": {
"file": "src/test/java/htsjdk/tribble/index/IndexFactoryTest.java",
"function": "testIndexRedirectedFiles"
},
"deprecated": false,
"id": "CVE-2022-21126-1fcb84a5",
"signature_version": "v1",
"source": "https://github.com/samtools/htsjdk/commit/4a4024a97ee3e87096df6ad9b22c8260bd527772",
"signature_type": "Function"
},
{
"digest": {
"line_hashes": [
"299626316927264171527189963257735733747",
"140929930312599594847798749687032822401",
"282774608707733993190787251205050794189",
"50859710151712684947578712585418342290"
],
"threshold": 0.9
},
"target": {
"file": "src/test/java/htsjdk/samtools/reference/FastaSequenceIndexCreatorTest.java"
},
"deprecated": false,
"id": "CVE-2022-21126-49c9acda",
"signature_version": "v1",
"source": "https://github.com/samtools/htsjdk/commit/4a4024a97ee3e87096df6ad9b22c8260bd527772",
"signature_type": "Line"
},
{
"digest": {
"line_hashes": [
"59054967066091980695805507356768458069",
"23664166286020052899008013465400664660",
"46781572012365655188268042600358030162",
"135400310458581339538496685556101001590",
"18935595498945060999484832616104585515",
"295559975065451951321613894035935937965",
"328673297245674257761634365993468221552",
"177975870659807443538220484376063525661",
"39167473591000412086056270779847957013",
"165596493405660916573356732078303146159",
"22828417594200161773453882249579069991",
"177614450840812099709030943009771076029"
],
"threshold": 0.9
},
"target": {
"file": "src/test/java/htsjdk/tribble/index/IndexFactoryTest.java"
},
"deprecated": false,
"id": "CVE-2022-21126-587b9632",
"signature_version": "v1",
"source": "https://github.com/samtools/htsjdk/commit/4a4024a97ee3e87096df6ad9b22c8260bd527772",
"signature_type": "Line"
},
{
"digest": {
"length": 787.0,
"function_hash": "73119092046264786313145414990239248125"
},
"target": {
"file": "src/test/java/htsjdk/samtools/seekablestream/SeekableStreamFactoryTest.java",
"function": "testPathWithEmbeddedSpace"
},
"deprecated": false,
"id": "CVE-2022-21126-58bdb2eb",
"signature_version": "v1",
"source": "https://github.com/samtools/htsjdk/commit/4a4024a97ee3e87096df6ad9b22c8260bd527772",
"signature_type": "Function"
},
{
"digest": {
"length": 1140.0,
"function_hash": "193990000650194456778230667506738864190"
},
"target": {
"file": "src/test/java/htsjdk/tribble/index/IndexFactoryTest.java",
"function": "testCreateLinearIndexFromBCF"
},
"deprecated": false,
"id": "CVE-2022-21126-63425c61",
"signature_version": "v1",
"source": "https://github.com/samtools/htsjdk/commit/4a4024a97ee3e87096df6ad9b22c8260bd527772",
"signature_type": "Function"
},
{
"digest": {
"line_hashes": [
"155458141461161964664830851354333836709",
"240392839938811889894383207537335066175",
"105785770956838740555634856336057300291",
"266914357684368404251471375735806471428",
"15344680243215791623537081327946177646",
"174591450596525566073066074921436085183",
"6044141299928353841960568106678223558",
"228842704925952140726551128482575269844",
"130770586674084897296761473485097695770",
"309417174571416661408291527116465441302",
"210418413377788252536616418103063275629",
"93037749533167087278639541909209642826",
"127511581347928495024497355893544668067",
"92283995314913313305964916259485817766"
],
"threshold": 0.9
},
"target": {
"file": "src/main/java/htsjdk/samtools/util/IOUtil.java"
},
"deprecated": false,
"id": "CVE-2022-21126-6da9610f",
"signature_version": "v1",
"source": "https://github.com/samtools/htsjdk/commit/4a4024a97ee3e87096df6ad9b22c8260bd527772",
"signature_type": "Line"
},
{
"digest": {
"length": 1126.0,
"function_hash": "148886692087390927093735168733013802402"
},
"target": {
"file": "src/test/java/htsjdk/tribble/index/IndexFactoryTest.java",
"function": "testCreateTabixIndexFromVCF"
},
"deprecated": false,
"id": "CVE-2022-21126-7664a4c2",
"signature_version": "v1",
"source": "https://github.com/samtools/htsjdk/commit/4a4024a97ee3e87096df6ad9b22c8260bd527772",
"signature_type": "Function"
},
{
"digest": {
"length": 955.0,
"function_hash": "326085283453265714613958093407815634087"
},
"target": {
"file": "src/test/java/htsjdk/samtools/reference/FastaSequenceIndexCreatorTest.java",
"function": "testCreate"
},
"deprecated": false,
"id": "CVE-2022-21126-7c700b0a",
"signature_version": "v1",
"source": "https://github.com/samtools/htsjdk/commit/4a4024a97ee3e87096df6ad9b22c8260bd527772",
"signature_type": "Function"
},
{
"digest": {
"length": 185.0,
"function_hash": "286678755859940100081651349132354931365"
},
"target": {
"file": "src/test/java/htsjdk/samtools/util/IOUtilTest.java",
"function": "testDeletePathLocal"
},
"deprecated": false,
"id": "CVE-2022-21126-7ed52c92",
"signature_version": "v1",
"source": "https://github.com/samtools/htsjdk/commit/4a4024a97ee3e87096df6ad9b22c8260bd527772",
"signature_type": "Function"
},
{
"digest": {
"line_hashes": [
"300122774035676590908716369429585355294",
"32943598868949688949262475530457027171",
"242270260103788918727575121908543719540",
"282057902519568445356507246879244917388"
],
"threshold": 0.9
},
"target": {
"file": "src/test/java/htsjdk/variant/vcf/VCFFileReaderTest.java"
},
"deprecated": false,
"id": "CVE-2022-21126-86ae4b6e",
"signature_version": "v1",
"source": "https://github.com/samtools/htsjdk/commit/4a4024a97ee3e87096df6ad9b22c8260bd527772",
"signature_type": "Line"
},
{
"digest": {
"line_hashes": [
"100595333098813338808881522542262448297",
"202039609062385759556120696770518486677",
"337961014036050031175687382614369976887",
"211819650441313234750705955760350681385"
],
"threshold": 0.9
},
"target": {
"file": "src/main/java/htsjdk/samtools/CoordinateSortedPairInfoMap.java"
},
"deprecated": false,
"id": "CVE-2022-21126-8768789e",
"signature_version": "v1",
"source": "https://github.com/samtools/htsjdk/commit/4a4024a97ee3e87096df6ad9b22c8260bd527772",
"signature_type": "Line"
},
{
"digest": {
"length": 1576.0,
"function_hash": "9466626151364229112355690081235862103"
},
"target": {
"file": "src/test/java/htsjdk/samtools/CRAMFileWriterTest.java",
"function": "test_roundtrip_many_reads"
},
"deprecated": false,
"id": "CVE-2022-21126-8eb37215",
"signature_version": "v1",
"source": "https://github.com/samtools/htsjdk/commit/4a4024a97ee3e87096df6ad9b22c8260bd527772",
"signature_type": "Function"
},
{
"digest": {
"length": 311.0,
"function_hash": "160759159307752445351663967120826486546"
},
"target": {
"file": "src/test/java/htsjdk/tribble/index/IndexTest.java",
"function": "testWriteBasedOnNonRegularFeatureFile"
},
"deprecated": false,
"id": "CVE-2022-21126-9092a010",
"signature_version": "v1",
"source": "https://github.com/samtools/htsjdk/commit/4a4024a97ee3e87096df6ad9b22c8260bd527772",
"signature_type": "Function"
},
{
"digest": {
"length": 688.0,
"function_hash": "121274500283061263655343136236371116216"
},
"target": {
"file": "src/test/java/htsjdk/variant/vcf/VCFFileReaderTest.java",
"function": "testTabixFileWithEmbeddedSpaces"
},
"deprecated": false,
"id": "CVE-2022-21126-a343a6d7",
"signature_version": "v1",
"source": "https://github.com/samtools/htsjdk/commit/4a4024a97ee3e87096df6ad9b22c8260bd527772",
"signature_type": "Function"
},
{
"digest": {
"length": 1382.0,
"function_hash": "266103464446038836822721629545148428727"
},
"target": {
"file": "src/test/java/htsjdk/tribble/index/tabix/TabixIndexTest.java",
"function": "testBedTabixIndex"
},
"deprecated": false,
"id": "CVE-2022-21126-a3b3a5cb",
"signature_version": "v1",
"source": "https://github.com/samtools/htsjdk/commit/4a4024a97ee3e87096df6ad9b22c8260bd527772",
"signature_type": "Function"
},
{
"digest": {
"line_hashes": [
"114372671299854683008513371121488718694",
"2672304339857698527797464118662795256",
"272884606852874486810440344549148339619",
"154439530604665965526382495716510345400"
],
"threshold": 0.9
},
"target": {
"file": "src/test/java/htsjdk/tribble/index/IndexTest.java"
},
"deprecated": false,
"id": "CVE-2022-21126-a88611a8",
"signature_version": "v1",
"source": "https://github.com/samtools/htsjdk/commit/4a4024a97ee3e87096df6ad9b22c8260bd527772",
"signature_type": "Line"
},
{
"digest": {
"length": 1175.0,
"function_hash": "149160951659493889560684466069218210261"
},
"target": {
"file": "src/test/java/htsjdk/samtools/CRAMMergerTest.java",
"function": "test"
},
"deprecated": false,
"id": "CVE-2022-21126-a8cfcfcc",
"signature_version": "v1",
"source": "https://github.com/samtools/htsjdk/commit/4a4024a97ee3e87096df6ad9b22c8260bd527772",
"signature_type": "Function"
},
{
"digest": {
"line_hashes": [
"280403769182634337561239323752942460380",
"264545062983323365025073332406696475336",
"245100807922922837448171021738114361606",
"279811992101261578290737748033193276503"
],
"threshold": 0.9
},
"target": {
"file": "src/test/java/htsjdk/tribble/index/tabix/TabixIndexTest.java"
},
"deprecated": false,
"id": "CVE-2022-21126-aaa8767b",
"signature_version": "v1",
"source": "https://github.com/samtools/htsjdk/commit/4a4024a97ee3e87096df6ad9b22c8260bd527772",
"signature_type": "Line"
},
{
"digest": {
"length": 185.0,
"function_hash": "286678755859940100081651349132354931365"
},
"target": {
"file": "src/test/java/htsjdk/samtools/util/IOUtilTest.java",
"function": "testDeleteArrayPathLocal"
},
"deprecated": false,
"id": "CVE-2022-21126-bb629a8b",
"signature_version": "v1",
"source": "https://github.com/samtools/htsjdk/commit/4a4024a97ee3e87096df6ad9b22c8260bd527772",
"signature_type": "Function"
},
{
"digest": {
"length": 1564.0,
"function_hash": "146509699132295885102358894247455907399"
},
"target": {
"file": "src/test/java/htsjdk/samtools/BAMMergerTest.java",
"function": "test"
},
"deprecated": false,
"id": "CVE-2022-21126-bfab3ffe",
"signature_version": "v1",
"source": "https://github.com/samtools/htsjdk/commit/4a4024a97ee3e87096df6ad9b22c8260bd527772",
"signature_type": "Function"
},
{
"digest": {
"length": 436.0,
"function_hash": "294036242196590297259219949272945188853"
},
"target": {
"file": "src/main/java/htsjdk/samtools/util/IOUtil.java",
"function": "createTempDir"
},
"deprecated": false,
"id": "CVE-2022-21126-c0bae84d",
"signature_version": "v1",
"source": "https://github.com/samtools/htsjdk/commit/4a4024a97ee3e87096df6ad9b22c8260bd527772",
"signature_type": "Function"
},
{
"digest": {
"line_hashes": [
"190243121404175968556898503944779845338",
"172682995083196134213455740128378881106",
"12023482309185834494286041149571868825",
"202918850739020559284473976957690329970"
],
"threshold": 0.9
},
"target": {
"file": "src/test/java/htsjdk/samtools/BAMMergerTest.java"
},
"deprecated": false,
"id": "CVE-2022-21126-c5f12e80",
"signature_version": "v1",
"source": "https://github.com/samtools/htsjdk/commit/4a4024a97ee3e87096df6ad9b22c8260bd527772",
"signature_type": "Line"
},
{
"digest": {
"line_hashes": [
"61791876032813049354230572162999374631",
"253565403215050999439964306632740680227",
"220956288238792380308541465219447540855",
"179533867407900361184049820616023785505"
],
"threshold": 0.9
},
"target": {
"file": "src/test/java/htsjdk/samtools/seekablestream/SeekableStreamFactoryTest.java"
},
"deprecated": false,
"id": "CVE-2022-21126-d7f73a18",
"signature_version": "v1",
"source": "https://github.com/samtools/htsjdk/commit/4a4024a97ee3e87096df6ad9b22c8260bd527772",
"signature_type": "Line"
},
{
"digest": {
"length": 1014.0,
"function_hash": "28145086513290227736704000415858426624"
},
"target": {
"file": "src/test/java/htsjdk/variant/vcf/VCFMergerTest.java",
"function": "test"
},
"deprecated": false,
"id": "CVE-2022-21126-dfdb6127",
"signature_version": "v1",
"source": "https://github.com/samtools/htsjdk/commit/4a4024a97ee3e87096df6ad9b22c8260bd527772",
"signature_type": "Function"
},
{
"digest": {
"line_hashes": [
"190243121404175968556898503944779845338",
"172682995083196134213455740128378881106",
"293235393138786139002660199572186991249",
"151849234040404759313695997166942287696"
],
"threshold": 0.9
},
"target": {
"file": "src/test/java/htsjdk/samtools/CRAMMergerTest.java"
},
"deprecated": false,
"id": "CVE-2022-21126-e5136afe",
"signature_version": "v1",
"source": "https://github.com/samtools/htsjdk/commit/4a4024a97ee3e87096df6ad9b22c8260bd527772",
"signature_type": "Line"
},
{
"digest": {
"line_hashes": [
"219303093302610931000840205624420441734",
"156624168678841347760494889835145344694",
"105696749786711942067758415275282464393",
"38099631442077724695177261244134291289",
"29907395222244795724879480362708334585",
"122826902429240120194415728383411189581",
"95180639451347538205729967339151699721",
"113176498560488144804179735443235014761",
"292399557583414159193010501212873486313",
"59216962601648208813585834575980852124",
"284886911664172518140396777386806721986",
"336123041948377893916680852001375948588",
"91107236410292847939168368337542199903",
"176273004629473307055238271847515203639",
"67706947848449502591657550251377191637",
"87488975336697898126144582452987717160",
"22207339306869595383236230966227740929"
],
"threshold": 0.9
},
"target": {
"file": "src/test/java/htsjdk/samtools/util/IOUtilTest.java"
},
"deprecated": false,
"id": "CVE-2022-21126-eb5ca53c",
"signature_version": "v1",
"source": "https://github.com/samtools/htsjdk/commit/4a4024a97ee3e87096df6ad9b22c8260bd527772",
"signature_type": "Line"
},
{
"digest": {
"line_hashes": [
"30194100635754640455313632008922236747",
"93852679511774579881014438548474803720",
"303045893536239506386568679119582466229",
"302001699534537354798979176157499974991",
"93324487414781355924565174988624757285",
"108884137218457734529515960734326863063",
"16227464792642814416749199333903477116",
"190674427287627694301273133448945678620"
],
"threshold": 0.9
},
"target": {
"file": "src/test/java/htsjdk/samtools/CRAMFileWriterTest.java"
},
"deprecated": false,
"id": "CVE-2022-21126-f48a8607",
"signature_version": "v1",
"source": "https://github.com/samtools/htsjdk/commit/4a4024a97ee3e87096df6ad9b22c8260bd527772",
"signature_type": "Line"
}
]