CVE-2020-1945

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-1945
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-1945.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-1945
Aliases
Related
Published
2020-05-14T16:15:12Z
Modified
2024-06-30T12:00:03Z
Severity
  • 6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
[none]
Details

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.

References

Affected packages

Debian:11 / ant

Package

Name
ant
Purl
pkg:deb/debian/ant?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.10.8-1

Ecosystem specific

{
    "urgency": "low"
}

Debian:12 / ant

Package

Name
ant
Purl
pkg:deb/debian/ant?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.10.8-1

Ecosystem specific

{
    "urgency": "low"
}

Debian:13 / ant

Package

Name
ant
Purl
pkg:deb/debian/ant?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.10.8-1

Ecosystem specific

{
    "urgency": "low"
}