
exploitDog


CVE-2020-1945

Published: 14 May 2020
Source: debian
EPSS: Low

Description

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.

Packages

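| Package | Status | Fixed version | Release | Type |
|---------|--------|---------------|---------|------|
| ant | fixed | 1.10.8-1 | | package |
| ant | no-dsa | | buster | package |
| ant | no-dsa | | stretch | package |
| ant | no-dsa | | jessie | package |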

Notes

  • https://www.openwall.com/lists/oss-security/2020/05/13/1

  • https://github.com/apache/ant/commit/9c1f4d905da59bf446570ac28df5b68a37281f35 (1.9.15)

  • https://github.com/apache/ant/commit/926f339ea30362bec8e53bf5924ce803938163b7 (1.9.15)

  • https://github.com/apache/ant/commit/d591851ae3921172bb825b5a5344afa3de0e28ca (10.8)

  • https://github.com/apache/ant/commit/9c1f4d905da59bf446570ac28df5b68a37281f35 (10.8)

  • https://github.com/apache/ant/commit/041b058c7bf10a94d56db3ca9dba38cf90ab9943 (10.8)

  • https://github.com/apache/ant/commit/a8645a151bc706259fb1789ef587d05482d98612 (10.8)

  • https://github.com/apache/ant/commit/926f339ea30362bec8e53bf5924ce803938163b7 (10.8)

  • Addressing CVE-2020-1945 introduces a new issue, CVE-2020-11979.

EPSS

Percentile: 5%
0.00021
Low

Related vulnerabilities

CVSS3: 6.3
ubuntu
more than 5 years ago

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.

CVSS3: 6.3
redhat
more than 5 years ago

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.

CVSS3: 6.3
nvd
more than 5 years ago

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.

suse-cvrf
more than 5 years ago

Security update for ant

suse-cvrf
more than 5 years ago

Security update for ant
