Back to search
CVE-2020-1945
Published: May 14, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.
| Vendor | Product | Versions |
|---|---|---|
n/a | Apache Ant | affected Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 |
References
[creadur-commits] 20200518 [creadur-rat] 03/03: RAT-269: Update Apache ANT to fix CVE-2020-1945
mailing-list
x_refsource_MLIST
[creadur-commits] 20200518 [creadur-rat] branch master updated: RAT-269: Update Apache ANT to fix CVE-2020-1945
mailing-list
x_refsource_MLIST
USN-4380-1
vendor-advisory
x_refsource_UBUNTU
FEDORA-2020-52741b0a49
vendor-advisory
x_refsource_FEDORA
FEDORA-2020-7f07da3fef
vendor-advisory
x_refsource_FEDORA
https://www.oracle.com/security-alerts/cpujul2020.html
x_refsource_MISC
openSUSE-SU-2020:1022
vendor-advisory
x_refsource_SUSE
GLSA-202007-34
vendor-advisory
x_refsource_GENTOO
[myfaces-commits] 20200826 [myfaces-tobago] branch tobago-2.x updated: update ant because of CVE-2020-1945
mailing-list
x_refsource_MLIST
[ant-dev] 20200930 [CVE-2020-11979] Apache Ant insecure temporary file vulnerability
mailing-list
x_refsource_MLIST
[announce] 20200930 [CVE-2020-11979] Apache Ant insecure temporary file vulnerability
mailing-list
x_refsource_MLIST
[ant-user] 20200930 [CVE-2020-11979] Apache Ant insecure temporary file vulnerability
mailing-list
x_refsource_MLIST
[creadur-dev] 20200930 [jira] [Created] (RAT-274) Update to latest Ant in order to fix CVE-2020-11979
mailing-list
x_refsource_MLIST
[oss-security] 20200930 [CVE-2020-11979] Apache Ant insecure temporary file vulnerability
mailing-list
x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuoct2020.html
x_refsource_MISC
[groovy-users] 20201205 [SECURITY] CVE-2020-17521: Apache Groovy Information Disclosure
mailing-list
x_refsource_MLIST
[groovy-dev] 20201205 [SECURITY] CVE-2020-17521: Apache Groovy Information Disclosure
mailing-list
x_refsource_MLIST
[oss-security] 20201206 [CVE-2020-17521]: Apache Groovy Information Disclosure
mailing-list
x_refsource_MLIST
[announce] 20201205 [SECURITY] CVE-2020-17521: Apache Groovy Information Disclosure
mailing-list
x_refsource_MLIST
[groovy-notifications] 20201207 [jira] [Closed] (GROOVY-9824) CVE-2020-17521 Apache Groovy Information Disclosure
mailing-list
x_refsource_MLIST
[myfaces-commits] 20201211 [myfaces-tobago] 02/22: update ant because of CVE-2020-1945
mailing-list
x_refsource_MLIST
https://www.oracle.com/security-alerts/cpujan2021.html
x_refsource_MISC
https://www.oracle.com/security-alerts/cpuApr2021.html
x_refsource_MISC
https://www.oracle.com//security-alerts/cpujul2021.html
x_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2021.html
x_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2022.html
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now