Search criteria
3 vulnerabilities found for category_management_planning_\&_optimization by oracle
FKIE_CVE-2020-1945
Vulnerability from fkie_nvd - Published: 2020-05-14 16:15 - Updated: 2024-11-21 05:11
Severity ?
Summary
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:ant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B89E03B-8066-45B2-9EC5-960A69B839F0",
"versionEndIncluding": "1.9.14",
"versionStartIncluding": "1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:ant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EBC8E517-4020-4DB2-B1E3-F68CC0D074C9",
"versionEndIncluding": "1.10.7",
"versionStartIncluding": "1.10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "80C9DBB8-3D50-4D5D-859A-B022EB7C2E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F9A7EB29-65F6-4626-BA32-15D819B2B1AA",
"versionEndIncluding": "2.9.0",
"versionStartIncluding": "2.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_liquidity_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "965EDB5A-A8E9-4ACB-AA93-610F13031A90",
"versionEndIncluding": "14.4.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5343F8F8-E8B4-49E9-A304-9C8A608B8027",
"versionEndIncluding": "2.9.0",
"versionStartIncluding": "2.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E869C417-C0E6-4FC3-B406-45598A1D1906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DFEFE2C0-7B98-44F9-B3AD-D6EC607E90DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:category_management_planning_\\\u0026_optimization:15.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CC9038EC-AFF9-46C8-ABE4-BE4BBDFD3E55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_asap:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3141B86F-838D-491A-A8ED-3B7C54EA89C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
"matchCriteriaId": "526E2FE5-263F-416F-8628-6CD40B865780",
"versionEndIncluding": "8.2.2",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_metasolv_solution:6.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0912F464-5F38-4BBB-9E68-65CE34306E7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_order_and_service_management:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "21CC9E01-616E-411B-B0C7-DE6E599D3319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_order_and_service_management:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1F015E20-7886-4713-B4EC-FE7894066D09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9901F6BA-78D5-45B8-9409-07FF1C6DDD38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9FADE563-5AAA-42FF-B43F-35B20A2386C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9D03A8C9-35A5-4B75-9711-7A4A60457307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B095CC03-7077-4A58-AB25-CC5380CDCE5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "69300B13-8C0F-4433-A6E8-B2CE32C4723D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "021014B2-DC51-481C-BCFE-5857EFBDEDDA",
"versionEndIncluding": "8.1.0",
"versionStartIncluding": "8.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "21BE77B2-6368-470E-B9E6-21664D9A818A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3250073F-325A-4AFC-892F-F2005E3854A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0DDDC9C2-33D6-4123-9ABC-C9B809A6E88E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_investor_servicing:14.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "991A279B-9D7C-4E39-8827-BC21C2C03B83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_investor_servicing:14.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A69266D2-72D0-4A6C-883D-2597FE30931B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6762F207-93C7-4363-B2F9-7A7C6F8AF993",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1B74B912-152D-4F38-9FC1-741D6D0B27FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:health_sciences_information_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "448762C8-9CA2-40CD-968C-FABD05D20FAD",
"versionEndIncluding": "3.0.2",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "06CF27F6-ADC1-480C-9D2E-2BD1E7330C32",
"versionEndIncluding": "16.2.11",
"versionStartIncluding": "16.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4AA3854-C9FD-4287-85A0-EE7907D1E1ED",
"versionEndIncluding": "17.12.7",
"versionStartIncluding": "17.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08FA59A8-6A62-4B33-8952-D6E658F8DAC9",
"versionEndIncluding": "17.12",
"versionStartIncluding": "17.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D55A54FD-7DD1-49CD-BE81-0BE73990943C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "82EB08C0-2D46-4635-88DF-E54F6452D3A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
"matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
"matchCriteriaId": "10864586-270E-4ACF-BDCC-ECFCD299305F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19A0F1AF-F2E6-44E7-8E2D-190E103B72D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6D53690D-3390-4A27-988A-709CD89DD05B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:real-time_decision_server:3.2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DD2288B1-FF5E-46BC-8551-4CC6B046A0D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_advanced_inventory_planning:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "56239DBD-E294-44A4-9DD3-CEEC58C1BC0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_advanced_inventory_planning:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "517E0654-F1DE-43C4-90B5-FB90CA31734B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_advanced_inventory_planning:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "43DA1635-08DA-434D-AA39-20D117468B5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_assortment_planning:15.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "037A31EF-B0AF-4800-B6F4-9CDE92ABB730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "48C9BD8E-7214-4B44-B549-6F11B3EA8A04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "31C7EEA3-AA72-48DA-A112-2923DBB37773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F0735989-13BD-40B3-B954-AC0529C5B53D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_bulk_data_integration:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "13F93FA2-B50B-4274-B636-740AEE587414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_bulk_data_integration:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F701CFD0-AA7D-44B1-BC17-5666CDE32196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "360B307A-3D7F-4B38-8248-76CF8318B023",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_bulk_data_integration:19.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C401E65A-8FA0-44E6-9AFC-6CC06498122F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "83B5F416-56AE-4DC5-BCFF-49702463E716",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58405263-E84C-4071-BB23-165D49034A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_data_extractor_for_merchandising:1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0D4F8ECA-028E-486D-B318-E4CF5FE91A6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_data_extractor_for_merchandising:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AD31AC22-CF51-4F0B-84BF-716CCB45AD9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "30501D23-5044-477A-8DC3-7610126AEFD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "31FFE404-027E-4B59-B3EF-BD20E1F7EECC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "798E4FEE-9B2B-436E-A2B3-B8AA1079892A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_financial_integration:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "457C8C66-FB0C-4532-9027-8777CF42D17A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_financial_integration:15.0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F09182F-D0F2-41A7-A4AB-79099194B2CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_financial_integration:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FF2B9DA6-2937-4574-90DF-09FD770B23D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_financial_integration:16.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44AA1B51-8A24-48F0-B16F-803D69698707",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE7DB324-98A0-40AD-96D4-0800340F6F3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8CFCE558-9972-46A2-8539-C16044F1BAA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42064F46-3012-4FB1-89BA-F13C2E4CBB6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "919DED83-2F88-4202-9556-5F4E5E1E6790",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F73E2EFA-0F43-4D92-8C7D-9E66811B76D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:16.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A29C39DD-971B-4A3F-BA08-91C8CC9B4A32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:19.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "97DD0665-C420-4F6F-AD1F-07674B13614E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_item_planning:15.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3B54AAF6-A011-4108-A741-209AAFEBA1E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_macro_space_optimization:15.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5EEB643C-684B-42A7-983C-187F8D134E09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_merchandise_financial_planning:15.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5003D578-C9C2-4EC6-8866-5406789AEEA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE1BC44A-F0AF-41CD-9CEB-B07AB5ADAB38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_point-of-service:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "237968A4-AE89-44DC-8BA3-D9651F88883D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E13DF2AE-F315-4085-9172-6C8B21AF1C9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_point-of-service:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DD5EF655-EC1E-4ED3-B4AE-D74492577BDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_point-of-service:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F12FFD3D-ED01-46AC-97B2-ADFEE80A2537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:14.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "118E48CE-8603-442B-B9C9-E30A41E4D974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6B1A4F12-3E64-41CF-B2B3-B6AB734B69E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "24A3C819-5151-4543-A5C6-998C9387C8A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4FB98961-8C99-4490-A6B8-9A5158784F5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "924AFE2D-D1BB-4026-9C12-BA379F8C5BEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_regular_price_optimization:15.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "60A1BB93-EFAD-4684-A87C-5FD0A7F2955A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_regular_price_optimization:16.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0922934E-2658-430F-99BE-A13C8A5F4338",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_replenishment_optimization:15.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "558A12F0-7070-461D-B5A5-911CDB34CD46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "959316A8-C3AF-4126-A242-3835ED0AD1E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BDB925C6-2CBC-4D88-B9EA-F246F4F7A206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E702EBED-DB39-4084-84B1-258BC5FE7545",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "363395FA-C296-4B2B-9D6F-BCB8DBE6FACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_service_backbone:15.0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1581DEE7-48C3-4832-B616-A25D9DD3E898",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F62A2144-5EF8-4319-B8C2-D7975F51E5FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_service_backbone:16.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "77326E29-0F3C-4BF1-905F-FF89EB9A897A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_service_backbone:19.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D57F5CB-E566-450F-B7D7-DD771F7C746C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_size_profile_optimization:15.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "013198BA-493A-4AD6-ADD7-A19FD81C7857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_size_profile_optimization:16.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "74ACC94B-4A9F-451D-B639-6008A108BDDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E703304-0752-46F2-998B-A3D37C9E7A54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C1933509-1BEA-45DA-B6AF-2713B432B1F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "722969B5-36CD-4413-954B-347BB7E51FAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA1BF68-635B-4577-B3F7-DEBC39567C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BF295023-399E-4180-A28B-2DA3327A372C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B202AEF-1197-441B-8EA1-2913BFD8A545",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3E5A2A49-42B0-44EB-B606-999275DC1DA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "78D8F551-8DC8-4510-8350-AE6BC64748DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "490B2C44-CECD-4551-B04F-4076D0E053C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DEC41EB8-73B4-4BDF-9321-F34EC0BAF9E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "48EFC111-B01B-4C34-87E4-D6B2C40C0122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "073FEA23-E46A-4C73-9D29-95CFF4F5A59D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*",
"matchCriteriaId": "513AE97F-161C-43D2-B2D1-653125A9E920",
"versionEndExcluding": "11.2.2.8.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:timesten_in-memory_database:11.2.2.8.49:*:*:*:*:*:*:*",
"matchCriteriaId": "F9EB3DE5-142C-43A5-9735-CB73C54D42E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51309958-121D-4649-AB9A-EBFA3A49F7CB",
"versionEndIncluding": "4.3.0.6.0",
"versionStartIncluding": "4.3.0.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_framework:2.2.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D883EED9-CC64-479D-9C0A-35EB16F43AB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5435B365-BFF3-4A9E-B45C-42D8F1E20FB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1FAC3840-2CF8-44CE-81BB-EEEBDA00A34A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F906F04-39E4-4BE4-8A73-9D058AAADB43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B393A82-476A-4270-A903-38ED4169E431",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process."
},
{
"lang": "es",
"value": "Apache Ant versiones 1.1 hasta 1.9.14 y versiones 1.10.0 hasta 1.10.7, utiliza el directorio temporal por defecto identificado por la propiedad del sistema Java java.io.tmpdir para varias tareas y puede, por tanto, filtrar informaci\u00f3n confidencial. Las tareas fixcrlf y replaceregexp tambi\u00e9n copian los archivos desde el directorio temporal de nuevo en el \u00e1rbol de compilaci\u00f3n, lo que permite a un atacante inyectar archivos fuente modificados en el proceso de compilaci\u00f3n."
}
],
"id": "CVE-2020-1945",
"lastModified": "2024-11-21T05:11:42.183",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-14T16:15:12.767",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00053.html"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/09/30/6"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/12/06/1"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r0d08a96ba9de8aa435f32944e8b2867c368a518d4ff57782e3637335%40%3Cissues.hive.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc%40%3Cdev.creadur.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r1863b9ce4c3e4b1e5b0c671ad05545ba3eb8399616aa746af5dfe1b1%40%3Cdev.creadur.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r1a9c992d7c8219dc15b4ad448649f0ffdaa88d76ef6a0035c49455f5%40%3Cdev.creadur.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r1b32c76afffcf676e13ed635a3332f3e46e6aaa7722eb3fc7a28f58e%40%3Cdev.hive.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e%40%3Cdev.creadur.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0%40%3Cdev.creadur.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r2704fb14ce068c64759a986f81d5b5e42ab434fa13d0f444ad52816b%40%3Cdev.creadur.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r3cea0f3da4f6d06d7afb6c0804da8e01773a0f50a09b8d9beb2cda65%40%3Cissues.hive.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r4b2904d64affd4266cd72ccb2fc3927c1c2f22009f183095aa46bf90%40%3Cissues.hive.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490%40%3Cdev.creadur.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r5dfc77048b1f9db26622dce91a6edf083d499397256594952fad5f35%40%3Ccommits.myfaces.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305%40%3Cdev.creadur.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r6030d34ceacd0098538425c5dac8251ffc7fd90b886942bc7ef87858%40%3Cnotifications.groovy.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r6970d196cd73863dafdbc3a7052562deedd338e3bd7d73d8171d92d6%40%3Ccommits.groovy.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r6e295d792032ec02b32be3846c21a58857fba4a077d22c5842d69ba2%40%3Ctorque-dev.db.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r6edd3e2cb79ee635630d891b54a4f1a9cd8c7f639d6ee34e75fbe830%40%3Cissues.hive.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r815f88d1044760176f30a4913b4baacd06f3eae4eb662de7388e46d8%40%3Cissues.hive.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r8e24abb7dd77cda14c6df90a377c94f0a413bbfcec90a29540ff8adf%40%3Cissues.hive.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r8e592bbfc016a5dbe2a8c0e81ff99682b9c78c453621b82c14e7b75e%40%3Cdev.ant.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r95dc943e47a211d29df605e14f86c280fc9fa8d828b2b53bd07673c9%40%3Cdev.creadur.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cannounce.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cdev.groovy.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cusers.groovy.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465%40%3Cnotifications.groovy.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c%40%3Cdev.creadur.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rb860063819b9c0990e1fbce29d83f4554766fe5a05e3b3939736bf2b%40%3Ccommits.myfaces.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rb8ec556f176c83547b959150e2108e2ddf1d61224295941908b0a81f%40%3Cannounce.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a%40%3Cdev.creadur.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rc89e491b5b270fb40f1210b70554527b737c217ad2e831b643ead6bc%40%3Cuser.ant.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rce099751721c26a8166d8b6578293820832831a0b2cb8d93b8efa081%40%3Cnotifications.groovy.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rd7dda48ff835f4d0293949837d55541bfde3683bd35bd8431e324538%40%3Cdev.creadur.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rda80ac59119558eaec452e58ddfac2ccc9211da1c65f7927682c78b1%40%3Cdev.creadur.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rdaa9c51d5dc6560c9d2b3f3d742c768ad0705e154041e574a0fae45c%40%3Cnotifications.groovy.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/re1ce84518d773a94a613d988771daf9252c9cf7375a9a477009f9735%40%3Ccommits.creadur.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rf07feaf78afc8f701e21948a06ef92565d3dff1242d710f4fbf900b2%40%3Cdev.creadur.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rfd346609527a79662c48b1da3ac500ec30f29f7ddaa3575051e81890%40%3Ccommits.creadur.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EQBR65TINSJRN7PTPIVNYS33P535WM74/"
},
{
"source": "security@apache.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRVAWTCVXJMRYKQKEXYSNBF7NLSR6OEI/"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202007-34"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://usn.ubuntu.com/4380-1/"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00053.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/09/30/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/12/06/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r0d08a96ba9de8aa435f32944e8b2867c368a518d4ff57782e3637335%40%3Cissues.hive.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc%40%3Cdev.creadur.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r1863b9ce4c3e4b1e5b0c671ad05545ba3eb8399616aa746af5dfe1b1%40%3Cdev.creadur.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r1a9c992d7c8219dc15b4ad448649f0ffdaa88d76ef6a0035c49455f5%40%3Cdev.creadur.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r1b32c76afffcf676e13ed635a3332f3e46e6aaa7722eb3fc7a28f58e%40%3Cdev.hive.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e%40%3Cdev.creadur.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0%40%3Cdev.creadur.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r2704fb14ce068c64759a986f81d5b5e42ab434fa13d0f444ad52816b%40%3Cdev.creadur.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r3cea0f3da4f6d06d7afb6c0804da8e01773a0f50a09b8d9beb2cda65%40%3Cissues.hive.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r4b2904d64affd4266cd72ccb2fc3927c1c2f22009f183095aa46bf90%40%3Cissues.hive.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490%40%3Cdev.creadur.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r5dfc77048b1f9db26622dce91a6edf083d499397256594952fad5f35%40%3Ccommits.myfaces.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305%40%3Cdev.creadur.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r6030d34ceacd0098538425c5dac8251ffc7fd90b886942bc7ef87858%40%3Cnotifications.groovy.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r6970d196cd73863dafdbc3a7052562deedd338e3bd7d73d8171d92d6%40%3Ccommits.groovy.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r6e295d792032ec02b32be3846c21a58857fba4a077d22c5842d69ba2%40%3Ctorque-dev.db.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r6edd3e2cb79ee635630d891b54a4f1a9cd8c7f639d6ee34e75fbe830%40%3Cissues.hive.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r815f88d1044760176f30a4913b4baacd06f3eae4eb662de7388e46d8%40%3Cissues.hive.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r8e24abb7dd77cda14c6df90a377c94f0a413bbfcec90a29540ff8adf%40%3Cissues.hive.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r8e592bbfc016a5dbe2a8c0e81ff99682b9c78c453621b82c14e7b75e%40%3Cdev.ant.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r95dc943e47a211d29df605e14f86c280fc9fa8d828b2b53bd07673c9%40%3Cdev.creadur.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cannounce.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cdev.groovy.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cusers.groovy.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465%40%3Cnotifications.groovy.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c%40%3Cdev.creadur.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rb860063819b9c0990e1fbce29d83f4554766fe5a05e3b3939736bf2b%40%3Ccommits.myfaces.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rb8ec556f176c83547b959150e2108e2ddf1d61224295941908b0a81f%40%3Cannounce.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a%40%3Cdev.creadur.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rc89e491b5b270fb40f1210b70554527b737c217ad2e831b643ead6bc%40%3Cuser.ant.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rce099751721c26a8166d8b6578293820832831a0b2cb8d93b8efa081%40%3Cnotifications.groovy.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rd7dda48ff835f4d0293949837d55541bfde3683bd35bd8431e324538%40%3Cdev.creadur.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rda80ac59119558eaec452e58ddfac2ccc9211da1c65f7927682c78b1%40%3Cdev.creadur.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rdaa9c51d5dc6560c9d2b3f3d742c768ad0705e154041e574a0fae45c%40%3Cnotifications.groovy.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/re1ce84518d773a94a613d988771daf9252c9cf7375a9a477009f9735%40%3Ccommits.creadur.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf07feaf78afc8f701e21948a06ef92565d3dff1242d710f4fbf900b2%40%3Cdev.creadur.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rfd346609527a79662c48b1da3ac500ec30f29f7ddaa3575051e81890%40%3Ccommits.creadur.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EQBR65TINSJRN7PTPIVNYS33P535WM74/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRVAWTCVXJMRYKQKEXYSNBF7NLSR6OEI/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202007-34"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://usn.ubuntu.com/4380-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-668"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2020-1945 (GCVE-0-2020-1945)
Vulnerability from cvelistv5 – Published: 2020-05-14 15:57 – Updated: 2024-08-04 06:54
VLAI?
Summary
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.
Severity ?
No CVSS data available.
CWE
- insecure temporary file vulnerability
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Apache Ant |
Affected:
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:54:00.377Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[creadur-dev] 20200518 [jira] [Created] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rda80ac59119558eaec452e58ddfac2ccc9211da1c65f7927682c78b1%40%3Cdev.creadur.apache.org%3E"
},
{
"name": "[creadur-commits] 20200518 [creadur-rat] 03/03: RAT-269: Update Apache ANT to fix CVE-2020-1945",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfd346609527a79662c48b1da3ac500ec30f29f7ddaa3575051e81890%40%3Ccommits.creadur.apache.org%3E"
},
{
"name": "[creadur-commits] 20200518 [creadur-rat] branch master updated: RAT-269: Update Apache ANT to fix CVE-2020-1945",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re1ce84518d773a94a613d988771daf9252c9cf7375a9a477009f9735%40%3Ccommits.creadur.apache.org%3E"
},
{
"name": "[creadur-dev] 20200518 [jira] [Closed] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r95dc943e47a211d29df605e14f86c280fc9fa8d828b2b53bd07673c9%40%3Cdev.creadur.apache.org%3E"
},
{
"name": "[creadur-dev] 20200518 [jira] [Commented] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd7dda48ff835f4d0293949837d55541bfde3683bd35bd8431e324538%40%3Cdev.creadur.apache.org%3E"
},
{
"name": "[creadur-dev] 20200518 [jira] [Assigned] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1863b9ce4c3e4b1e5b0c671ad05545ba3eb8399616aa746af5dfe1b1%40%3Cdev.creadur.apache.org%3E"
},
{
"name": "[groovy-notifications] 20200522 [jira] [Closed] (GROOVY-9552) Bump Ant versions to address: [CVE-2020-1945] Apache Ant insecure temporary file vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rdaa9c51d5dc6560c9d2b3f3d742c768ad0705e154041e574a0fae45c%40%3Cnotifications.groovy.apache.org%3E"
},
{
"name": "[hive-dev] 20200530 [jira] [Created] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1b32c76afffcf676e13ed635a3332f3e46e6aaa7722eb3fc7a28f58e%40%3Cdev.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20200530 [jira] [Assigned] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r0d08a96ba9de8aa435f32944e8b2867c368a518d4ff57782e3637335%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20200530 [jira] [Updated] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4b2904d64affd4266cd72ccb2fc3927c1c2f22009f183095aa46bf90%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20200530 [jira] [Commented] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6edd3e2cb79ee635630d891b54a4f1a9cd8c7f639d6ee34e75fbe830%40%3Cissues.hive.apache.org%3E"
},
{
"name": "USN-4380-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4380-1/"
},
{
"name": "FEDORA-2020-52741b0a49",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRVAWTCVXJMRYKQKEXYSNBF7NLSR6OEI/"
},
{
"name": "FEDORA-2020-7f07da3fef",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EQBR65TINSJRN7PTPIVNYS33P535WM74/"
},
{
"name": "[hive-issues] 20200621 [jira] [Commented] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8e24abb7dd77cda14c6df90a377c94f0a413bbfcec90a29540ff8adf%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[creadur-dev] 20200703 [jira] [Commented] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2704fb14ce068c64759a986f81d5b5e42ab434fa13d0f444ad52816b%40%3Cdev.creadur.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8e592bbfc016a5dbe2a8c0e81ff99682b9c78c453621b82c14e7b75e%40%3Cdev.ant.apache.org%3E"
},
{
"name": "[db-torque-dev] 20200715 svn commit: r1879896 - in /db/torque/torque4/trunk: ./ torque-ant-tasks/ torque-ant-tasks/src/test/java/org/apache/torque/ant/task/ torque-generator/src/main/java/org/apache/torque/generator/control/ torque-generator/src/main/java/org/apache/torque/gen...",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6e295d792032ec02b32be3846c21a58857fba4a077d22c5842d69ba2%40%3Ctorque-dev.db.apache.org%3E"
},
{
"name": "openSUSE-SU-2020:1022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00053.html"
},
{
"name": "GLSA-202007-34",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202007-34"
},
{
"name": "[hive-issues] 20200804 [jira] [Commented] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r815f88d1044760176f30a4913b4baacd06f3eae4eb662de7388e46d8%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[myfaces-commits] 20200826 [myfaces-tobago] branch tobago-2.x updated: update ant because of CVE-2020-1945",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5dfc77048b1f9db26622dce91a6edf083d499397256594952fad5f35%40%3Ccommits.myfaces.apache.org%3E"
},
{
"name": "[ant-dev] 20200930 [CVE-2020-11979] Apache Ant insecure temporary file vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E"
},
{
"name": "[announce] 20200930 [CVE-2020-11979] Apache Ant insecure temporary file vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb8ec556f176c83547b959150e2108e2ddf1d61224295941908b0a81f%40%3Cannounce.apache.org%3E"
},
{
"name": "[ant-user] 20200930 [CVE-2020-11979] Apache Ant insecure temporary file vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc89e491b5b270fb40f1210b70554527b737c217ad2e831b643ead6bc%40%3Cuser.ant.apache.org%3E"
},
{
"name": "[creadur-dev] 20200930 [jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf07feaf78afc8f701e21948a06ef92565d3dff1242d710f4fbf900b2%40%3Cdev.creadur.apache.org%3E"
},
{
"name": "[creadur-dev] 20200930 [jira] [Created] (RAT-274) Update to latest Ant in order to fix CVE-2020-11979",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1a9c992d7c8219dc15b4ad448649f0ffdaa88d76ef6a0035c49455f5%40%3Cdev.creadur.apache.org%3E"
},
{
"name": "[oss-security] 20200930 [CVE-2020-11979] Apache Ant insecure temporary file vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/09/30/6"
},
{
"name": "[creadur-dev] 20201006 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e%40%3Cdev.creadur.apache.org%3E"
},
{
"name": "[creadur-dev] 20201006 [jira] [Assigned] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490%40%3Cdev.creadur.apache.org%3E"
},
{
"name": "[creadur-dev] 20201006 [jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc%40%3Cdev.creadur.apache.org%3E"
},
{
"name": "[creadur-dev] 20201006 [jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0%40%3Cdev.creadur.apache.org%3E"
},
{
"name": "[creadur-dev] 20201006 [jira] [Resolved] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305%40%3Cdev.creadur.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "[hive-issues] 20201022 [jira] [Commented] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r3cea0f3da4f6d06d7afb6c0804da8e01773a0f50a09b8d9beb2cda65%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[groovy-notifications] 20201126 [jira] [Updated] (GROOVY-9552) Bump Ant versions to address: [CVE-2020-1945] Apache Ant insecure temporary file vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6030d34ceacd0098538425c5dac8251ffc7fd90b886942bc7ef87858%40%3Cnotifications.groovy.apache.org%3E"
},
{
"name": "[groovy-notifications] 20201126 [jira] [Comment Edited] (GROOVY-9552) Bump Ant versions to address: [CVE-2020-1945] Apache Ant insecure temporary file vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rce099751721c26a8166d8b6578293820832831a0b2cb8d93b8efa081%40%3Cnotifications.groovy.apache.org%3E"
},
{
"name": "[groovy-commits] 20201126 [groovy] branch GROOVY_2_4_X updated: GROOVY-9552: Bump Ant versions to address: [CVE-2020-1945] Apache Ant insecure temporary file vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6970d196cd73863dafdbc3a7052562deedd338e3bd7d73d8171d92d6%40%3Ccommits.groovy.apache.org%3E"
},
{
"name": "[groovy-users] 20201205 [SECURITY] CVE-2020-17521: Apache Groovy Information Disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cusers.groovy.apache.org%3E"
},
{
"name": "[groovy-dev] 20201205 [SECURITY] CVE-2020-17521: Apache Groovy Information Disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cdev.groovy.apache.org%3E"
},
{
"name": "[oss-security] 20201206 [CVE-2020-17521]: Apache Groovy Information Disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/12/06/1"
},
{
"name": "[announce] 20201205 [SECURITY] CVE-2020-17521: Apache Groovy Information Disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cannounce.apache.org%3E"
},
{
"name": "[groovy-notifications] 20201207 [jira] [Closed] (GROOVY-9824) CVE-2020-17521 Apache Groovy Information Disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465%40%3Cnotifications.groovy.apache.org%3E"
},
{
"name": "[myfaces-commits] 20201211 [myfaces-tobago] 02/22: update ant because of CVE-2020-1945",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb860063819b9c0990e1fbce29d83f4554766fe5a05e3b3939736bf2b%40%3Ccommits.myfaces.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"name": "[creadur-dev] 20210419 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c%40%3Cdev.creadur.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "[creadur-dev] 20210621 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a%40%3Cdev.creadur.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Ant",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "insecure temporary file vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-07T14:40:33",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "[creadur-dev] 20200518 [jira] [Created] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rda80ac59119558eaec452e58ddfac2ccc9211da1c65f7927682c78b1%40%3Cdev.creadur.apache.org%3E"
},
{
"name": "[creadur-commits] 20200518 [creadur-rat] 03/03: RAT-269: Update Apache ANT to fix CVE-2020-1945",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rfd346609527a79662c48b1da3ac500ec30f29f7ddaa3575051e81890%40%3Ccommits.creadur.apache.org%3E"
},
{
"name": "[creadur-commits] 20200518 [creadur-rat] branch master updated: RAT-269: Update Apache ANT to fix CVE-2020-1945",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re1ce84518d773a94a613d988771daf9252c9cf7375a9a477009f9735%40%3Ccommits.creadur.apache.org%3E"
},
{
"name": "[creadur-dev] 20200518 [jira] [Closed] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r95dc943e47a211d29df605e14f86c280fc9fa8d828b2b53bd07673c9%40%3Cdev.creadur.apache.org%3E"
},
{
"name": "[creadur-dev] 20200518 [jira] [Commented] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd7dda48ff835f4d0293949837d55541bfde3683bd35bd8431e324538%40%3Cdev.creadur.apache.org%3E"
},
{
"name": "[creadur-dev] 20200518 [jira] [Assigned] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r1863b9ce4c3e4b1e5b0c671ad05545ba3eb8399616aa746af5dfe1b1%40%3Cdev.creadur.apache.org%3E"
},
{
"name": "[groovy-notifications] 20200522 [jira] [Closed] (GROOVY-9552) Bump Ant versions to address: [CVE-2020-1945] Apache Ant insecure temporary file vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rdaa9c51d5dc6560c9d2b3f3d742c768ad0705e154041e574a0fae45c%40%3Cnotifications.groovy.apache.org%3E"
},
{
"name": "[hive-dev] 20200530 [jira] [Created] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r1b32c76afffcf676e13ed635a3332f3e46e6aaa7722eb3fc7a28f58e%40%3Cdev.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20200530 [jira] [Assigned] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r0d08a96ba9de8aa435f32944e8b2867c368a518d4ff57782e3637335%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20200530 [jira] [Updated] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r4b2904d64affd4266cd72ccb2fc3927c1c2f22009f183095aa46bf90%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20200530 [jira] [Commented] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6edd3e2cb79ee635630d891b54a4f1a9cd8c7f639d6ee34e75fbe830%40%3Cissues.hive.apache.org%3E"
},
{
"name": "USN-4380-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4380-1/"
},
{
"name": "FEDORA-2020-52741b0a49",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRVAWTCVXJMRYKQKEXYSNBF7NLSR6OEI/"
},
{
"name": "FEDORA-2020-7f07da3fef",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EQBR65TINSJRN7PTPIVNYS33P535WM74/"
},
{
"name": "[hive-issues] 20200621 [jira] [Commented] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r8e24abb7dd77cda14c6df90a377c94f0a413bbfcec90a29540ff8adf%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[creadur-dev] 20200703 [jira] [Commented] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2704fb14ce068c64759a986f81d5b5e42ab434fa13d0f444ad52816b%40%3Cdev.creadur.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/r8e592bbfc016a5dbe2a8c0e81ff99682b9c78c453621b82c14e7b75e%40%3Cdev.ant.apache.org%3E"
},
{
"name": "[db-torque-dev] 20200715 svn commit: r1879896 - in /db/torque/torque4/trunk: ./ torque-ant-tasks/ torque-ant-tasks/src/test/java/org/apache/torque/ant/task/ torque-generator/src/main/java/org/apache/torque/generator/control/ torque-generator/src/main/java/org/apache/torque/gen...",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6e295d792032ec02b32be3846c21a58857fba4a077d22c5842d69ba2%40%3Ctorque-dev.db.apache.org%3E"
},
{
"name": "openSUSE-SU-2020:1022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00053.html"
},
{
"name": "GLSA-202007-34",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202007-34"
},
{
"name": "[hive-issues] 20200804 [jira] [Commented] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r815f88d1044760176f30a4913b4baacd06f3eae4eb662de7388e46d8%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[myfaces-commits] 20200826 [myfaces-tobago] branch tobago-2.x updated: update ant because of CVE-2020-1945",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5dfc77048b1f9db26622dce91a6edf083d499397256594952fad5f35%40%3Ccommits.myfaces.apache.org%3E"
},
{
"name": "[ant-dev] 20200930 [CVE-2020-11979] Apache Ant insecure temporary file vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E"
},
{
"name": "[announce] 20200930 [CVE-2020-11979] Apache Ant insecure temporary file vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb8ec556f176c83547b959150e2108e2ddf1d61224295941908b0a81f%40%3Cannounce.apache.org%3E"
},
{
"name": "[ant-user] 20200930 [CVE-2020-11979] Apache Ant insecure temporary file vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc89e491b5b270fb40f1210b70554527b737c217ad2e831b643ead6bc%40%3Cuser.ant.apache.org%3E"
},
{
"name": "[creadur-dev] 20200930 [jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf07feaf78afc8f701e21948a06ef92565d3dff1242d710f4fbf900b2%40%3Cdev.creadur.apache.org%3E"
},
{
"name": "[creadur-dev] 20200930 [jira] [Created] (RAT-274) Update to latest Ant in order to fix CVE-2020-11979",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r1a9c992d7c8219dc15b4ad448649f0ffdaa88d76ef6a0035c49455f5%40%3Cdev.creadur.apache.org%3E"
},
{
"name": "[oss-security] 20200930 [CVE-2020-11979] Apache Ant insecure temporary file vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/09/30/6"
},
{
"name": "[creadur-dev] 20201006 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e%40%3Cdev.creadur.apache.org%3E"
},
{
"name": "[creadur-dev] 20201006 [jira] [Assigned] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490%40%3Cdev.creadur.apache.org%3E"
},
{
"name": "[creadur-dev] 20201006 [jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc%40%3Cdev.creadur.apache.org%3E"
},
{
"name": "[creadur-dev] 20201006 [jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0%40%3Cdev.creadur.apache.org%3E"
},
{
"name": "[creadur-dev] 20201006 [jira] [Resolved] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305%40%3Cdev.creadur.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "[hive-issues] 20201022 [jira] [Commented] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r3cea0f3da4f6d06d7afb6c0804da8e01773a0f50a09b8d9beb2cda65%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[groovy-notifications] 20201126 [jira] [Updated] (GROOVY-9552) Bump Ant versions to address: [CVE-2020-1945] Apache Ant insecure temporary file vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6030d34ceacd0098538425c5dac8251ffc7fd90b886942bc7ef87858%40%3Cnotifications.groovy.apache.org%3E"
},
{
"name": "[groovy-notifications] 20201126 [jira] [Comment Edited] (GROOVY-9552) Bump Ant versions to address: [CVE-2020-1945] Apache Ant insecure temporary file vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rce099751721c26a8166d8b6578293820832831a0b2cb8d93b8efa081%40%3Cnotifications.groovy.apache.org%3E"
},
{
"name": "[groovy-commits] 20201126 [groovy] branch GROOVY_2_4_X updated: GROOVY-9552: Bump Ant versions to address: [CVE-2020-1945] Apache Ant insecure temporary file vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6970d196cd73863dafdbc3a7052562deedd338e3bd7d73d8171d92d6%40%3Ccommits.groovy.apache.org%3E"
},
{
"name": "[groovy-users] 20201205 [SECURITY] CVE-2020-17521: Apache Groovy Information Disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cusers.groovy.apache.org%3E"
},
{
"name": "[groovy-dev] 20201205 [SECURITY] CVE-2020-17521: Apache Groovy Information Disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cdev.groovy.apache.org%3E"
},
{
"name": "[oss-security] 20201206 [CVE-2020-17521]: Apache Groovy Information Disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/12/06/1"
},
{
"name": "[announce] 20201205 [SECURITY] CVE-2020-17521: Apache Groovy Information Disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cannounce.apache.org%3E"
},
{
"name": "[groovy-notifications] 20201207 [jira] [Closed] (GROOVY-9824) CVE-2020-17521 Apache Groovy Information Disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465%40%3Cnotifications.groovy.apache.org%3E"
},
{
"name": "[myfaces-commits] 20201211 [myfaces-tobago] 02/22: update ant because of CVE-2020-1945",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb860063819b9c0990e1fbce29d83f4554766fe5a05e3b3939736bf2b%40%3Ccommits.myfaces.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"name": "[creadur-dev] 20210419 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c%40%3Cdev.creadur.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "[creadur-dev] 20210621 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a%40%3Cdev.creadur.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2020-1945",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Ant",
"version": {
"version_data": [
{
"version_value": "Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "insecure temporary file vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[creadur-dev] 20200518 [jira] [Created] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rda80ac59119558eaec452e58ddfac2ccc9211da1c65f7927682c78b1@%3Cdev.creadur.apache.org%3E"
},
{
"name": "[creadur-commits] 20200518 [creadur-rat] 03/03: RAT-269: Update Apache ANT to fix CVE-2020-1945",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rfd346609527a79662c48b1da3ac500ec30f29f7ddaa3575051e81890@%3Ccommits.creadur.apache.org%3E"
},
{
"name": "[creadur-commits] 20200518 [creadur-rat] branch master updated: RAT-269: Update Apache ANT to fix CVE-2020-1945",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re1ce84518d773a94a613d988771daf9252c9cf7375a9a477009f9735@%3Ccommits.creadur.apache.org%3E"
},
{
"name": "[creadur-dev] 20200518 [jira] [Closed] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r95dc943e47a211d29df605e14f86c280fc9fa8d828b2b53bd07673c9@%3Cdev.creadur.apache.org%3E"
},
{
"name": "[creadur-dev] 20200518 [jira] [Commented] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd7dda48ff835f4d0293949837d55541bfde3683bd35bd8431e324538@%3Cdev.creadur.apache.org%3E"
},
{
"name": "[creadur-dev] 20200518 [jira] [Assigned] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1863b9ce4c3e4b1e5b0c671ad05545ba3eb8399616aa746af5dfe1b1@%3Cdev.creadur.apache.org%3E"
},
{
"name": "[groovy-notifications] 20200522 [jira] [Closed] (GROOVY-9552) Bump Ant versions to address: [CVE-2020-1945] Apache Ant insecure temporary file vulnerability",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rdaa9c51d5dc6560c9d2b3f3d742c768ad0705e154041e574a0fae45c@%3Cnotifications.groovy.apache.org%3E"
},
{
"name": "[hive-dev] 20200530 [jira] [Created] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1b32c76afffcf676e13ed635a3332f3e46e6aaa7722eb3fc7a28f58e@%3Cdev.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20200530 [jira] [Assigned] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r0d08a96ba9de8aa435f32944e8b2867c368a518d4ff57782e3637335@%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20200530 [jira] [Updated] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4b2904d64affd4266cd72ccb2fc3927c1c2f22009f183095aa46bf90@%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20200530 [jira] [Commented] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6edd3e2cb79ee635630d891b54a4f1a9cd8c7f639d6ee34e75fbe830@%3Cissues.hive.apache.org%3E"
},
{
"name": "USN-4380-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4380-1/"
},
{
"name": "FEDORA-2020-52741b0a49",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRVAWTCVXJMRYKQKEXYSNBF7NLSR6OEI/"
},
{
"name": "FEDORA-2020-7f07da3fef",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EQBR65TINSJRN7PTPIVNYS33P535WM74/"
},
{
"name": "[hive-issues] 20200621 [jira] [Commented] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r8e24abb7dd77cda14c6df90a377c94f0a413bbfcec90a29540ff8adf@%3Cissues.hive.apache.org%3E"
},
{
"name": "[creadur-dev] 20200703 [jira] [Commented] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2704fb14ce068c64759a986f81d5b5e42ab434fa13d0f444ad52816b@%3Cdev.creadur.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://lists.apache.org/thread.html/r8e592bbfc016a5dbe2a8c0e81ff99682b9c78c453621b82c14e7b75e%40%3Cdev.ant.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r8e592bbfc016a5dbe2a8c0e81ff99682b9c78c453621b82c14e7b75e%40%3Cdev.ant.apache.org%3E"
},
{
"name": "[db-torque-dev] 20200715 svn commit: r1879896 - in /db/torque/torque4/trunk: ./ torque-ant-tasks/ torque-ant-tasks/src/test/java/org/apache/torque/ant/task/ torque-generator/src/main/java/org/apache/torque/generator/control/ torque-generator/src/main/java/org/apache/torque/gen...",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6e295d792032ec02b32be3846c21a58857fba4a077d22c5842d69ba2@%3Ctorque-dev.db.apache.org%3E"
},
{
"name": "openSUSE-SU-2020:1022",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00053.html"
},
{
"name": "GLSA-202007-34",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202007-34"
},
{
"name": "[hive-issues] 20200804 [jira] [Commented] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r815f88d1044760176f30a4913b4baacd06f3eae4eb662de7388e46d8@%3Cissues.hive.apache.org%3E"
},
{
"name": "[myfaces-commits] 20200826 [myfaces-tobago] branch tobago-2.x updated: update ant because of CVE-2020-1945",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5dfc77048b1f9db26622dce91a6edf083d499397256594952fad5f35@%3Ccommits.myfaces.apache.org%3E"
},
{
"name": "[ant-dev] 20200930 [CVE-2020-11979] Apache Ant insecure temporary file vulnerability",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea@%3Cdev.ant.apache.org%3E"
},
{
"name": "[announce] 20200930 [CVE-2020-11979] Apache Ant insecure temporary file vulnerability",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb8ec556f176c83547b959150e2108e2ddf1d61224295941908b0a81f@%3Cannounce.apache.org%3E"
},
{
"name": "[ant-user] 20200930 [CVE-2020-11979] Apache Ant insecure temporary file vulnerability",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc89e491b5b270fb40f1210b70554527b737c217ad2e831b643ead6bc@%3Cuser.ant.apache.org%3E"
},
{
"name": "[creadur-dev] 20200930 [jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf07feaf78afc8f701e21948a06ef92565d3dff1242d710f4fbf900b2@%3Cdev.creadur.apache.org%3E"
},
{
"name": "[creadur-dev] 20200930 [jira] [Created] (RAT-274) Update to latest Ant in order to fix CVE-2020-11979",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1a9c992d7c8219dc15b4ad448649f0ffdaa88d76ef6a0035c49455f5@%3Cdev.creadur.apache.org%3E"
},
{
"name": "[oss-security] 20200930 [CVE-2020-11979] Apache Ant insecure temporary file vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/09/30/6"
},
{
"name": "[creadur-dev] 20201006 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e@%3Cdev.creadur.apache.org%3E"
},
{
"name": "[creadur-dev] 20201006 [jira] [Assigned] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490@%3Cdev.creadur.apache.org%3E"
},
{
"name": "[creadur-dev] 20201006 [jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc@%3Cdev.creadur.apache.org%3E"
},
{
"name": "[creadur-dev] 20201006 [jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0@%3Cdev.creadur.apache.org%3E"
},
{
"name": "[creadur-dev] 20201006 [jira] [Resolved] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305@%3Cdev.creadur.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "[hive-issues] 20201022 [jira] [Commented] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r3cea0f3da4f6d06d7afb6c0804da8e01773a0f50a09b8d9beb2cda65@%3Cissues.hive.apache.org%3E"
},
{
"name": "[groovy-notifications] 20201126 [jira] [Updated] (GROOVY-9552) Bump Ant versions to address: [CVE-2020-1945] Apache Ant insecure temporary file vulnerability",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6030d34ceacd0098538425c5dac8251ffc7fd90b886942bc7ef87858@%3Cnotifications.groovy.apache.org%3E"
},
{
"name": "[groovy-notifications] 20201126 [jira] [Comment Edited] (GROOVY-9552) Bump Ant versions to address: [CVE-2020-1945] Apache Ant insecure temporary file vulnerability",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rce099751721c26a8166d8b6578293820832831a0b2cb8d93b8efa081@%3Cnotifications.groovy.apache.org%3E"
},
{
"name": "[groovy-commits] 20201126 [groovy] branch GROOVY_2_4_X updated: GROOVY-9552: Bump Ant versions to address: [CVE-2020-1945] Apache Ant insecure temporary file vulnerability",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6970d196cd73863dafdbc3a7052562deedd338e3bd7d73d8171d92d6@%3Ccommits.groovy.apache.org%3E"
},
{
"name": "[groovy-users] 20201205 [SECURITY] CVE-2020-17521: Apache Groovy Information Disclosure",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cusers.groovy.apache.org%3E"
},
{
"name": "[groovy-dev] 20201205 [SECURITY] CVE-2020-17521: Apache Groovy Information Disclosure",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cdev.groovy.apache.org%3E"
},
{
"name": "[oss-security] 20201206 [CVE-2020-17521]: Apache Groovy Information Disclosure",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/12/06/1"
},
{
"name": "[announce] 20201205 [SECURITY] CVE-2020-17521: Apache Groovy Information Disclosure",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cannounce.apache.org%3E"
},
{
"name": "[groovy-notifications] 20201207 [jira] [Closed] (GROOVY-9824) CVE-2020-17521 Apache Groovy Information Disclosure",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465@%3Cnotifications.groovy.apache.org%3E"
},
{
"name": "[myfaces-commits] 20201211 [myfaces-tobago] 02/22: update ant because of CVE-2020-1945",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb860063819b9c0990e1fbce29d83f4554766fe5a05e3b3939736bf2b@%3Ccommits.myfaces.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"name": "[creadur-dev] 20210419 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c@%3Cdev.creadur.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "[creadur-dev] 20210621 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a@%3Cdev.creadur.apache.org%3E"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2020-1945",
"datePublished": "2020-05-14T15:57:34",
"dateReserved": "2019-12-02T00:00:00",
"dateUpdated": "2024-08-04T06:54:00.377Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1945 (GCVE-0-2020-1945)
Vulnerability from nvd – Published: 2020-05-14 15:57 – Updated: 2024-08-04 06:54
VLAI?
Summary
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.
Severity ?
No CVSS data available.
CWE
- insecure temporary file vulnerability
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Apache Ant |
Affected:
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:54:00.377Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[creadur-dev] 20200518 [jira] [Created] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rda80ac59119558eaec452e58ddfac2ccc9211da1c65f7927682c78b1%40%3Cdev.creadur.apache.org%3E"
},
{
"name": "[creadur-commits] 20200518 [creadur-rat] 03/03: RAT-269: Update Apache ANT to fix CVE-2020-1945",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfd346609527a79662c48b1da3ac500ec30f29f7ddaa3575051e81890%40%3Ccommits.creadur.apache.org%3E"
},
{
"name": "[creadur-commits] 20200518 [creadur-rat] branch master updated: RAT-269: Update Apache ANT to fix CVE-2020-1945",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re1ce84518d773a94a613d988771daf9252c9cf7375a9a477009f9735%40%3Ccommits.creadur.apache.org%3E"
},
{
"name": "[creadur-dev] 20200518 [jira] [Closed] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r95dc943e47a211d29df605e14f86c280fc9fa8d828b2b53bd07673c9%40%3Cdev.creadur.apache.org%3E"
},
{
"name": "[creadur-dev] 20200518 [jira] [Commented] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd7dda48ff835f4d0293949837d55541bfde3683bd35bd8431e324538%40%3Cdev.creadur.apache.org%3E"
},
{
"name": "[creadur-dev] 20200518 [jira] [Assigned] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1863b9ce4c3e4b1e5b0c671ad05545ba3eb8399616aa746af5dfe1b1%40%3Cdev.creadur.apache.org%3E"
},
{
"name": "[groovy-notifications] 20200522 [jira] [Closed] (GROOVY-9552) Bump Ant versions to address: [CVE-2020-1945] Apache Ant insecure temporary file vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rdaa9c51d5dc6560c9d2b3f3d742c768ad0705e154041e574a0fae45c%40%3Cnotifications.groovy.apache.org%3E"
},
{
"name": "[hive-dev] 20200530 [jira] [Created] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1b32c76afffcf676e13ed635a3332f3e46e6aaa7722eb3fc7a28f58e%40%3Cdev.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20200530 [jira] [Assigned] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r0d08a96ba9de8aa435f32944e8b2867c368a518d4ff57782e3637335%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20200530 [jira] [Updated] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4b2904d64affd4266cd72ccb2fc3927c1c2f22009f183095aa46bf90%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20200530 [jira] [Commented] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6edd3e2cb79ee635630d891b54a4f1a9cd8c7f639d6ee34e75fbe830%40%3Cissues.hive.apache.org%3E"
},
{
"name": "USN-4380-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4380-1/"
},
{
"name": "FEDORA-2020-52741b0a49",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRVAWTCVXJMRYKQKEXYSNBF7NLSR6OEI/"
},
{
"name": "FEDORA-2020-7f07da3fef",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EQBR65TINSJRN7PTPIVNYS33P535WM74/"
},
{
"name": "[hive-issues] 20200621 [jira] [Commented] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8e24abb7dd77cda14c6df90a377c94f0a413bbfcec90a29540ff8adf%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[creadur-dev] 20200703 [jira] [Commented] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2704fb14ce068c64759a986f81d5b5e42ab434fa13d0f444ad52816b%40%3Cdev.creadur.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8e592bbfc016a5dbe2a8c0e81ff99682b9c78c453621b82c14e7b75e%40%3Cdev.ant.apache.org%3E"
},
{
"name": "[db-torque-dev] 20200715 svn commit: r1879896 - in /db/torque/torque4/trunk: ./ torque-ant-tasks/ torque-ant-tasks/src/test/java/org/apache/torque/ant/task/ torque-generator/src/main/java/org/apache/torque/generator/control/ torque-generator/src/main/java/org/apache/torque/gen...",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6e295d792032ec02b32be3846c21a58857fba4a077d22c5842d69ba2%40%3Ctorque-dev.db.apache.org%3E"
},
{
"name": "openSUSE-SU-2020:1022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00053.html"
},
{
"name": "GLSA-202007-34",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202007-34"
},
{
"name": "[hive-issues] 20200804 [jira] [Commented] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r815f88d1044760176f30a4913b4baacd06f3eae4eb662de7388e46d8%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[myfaces-commits] 20200826 [myfaces-tobago] branch tobago-2.x updated: update ant because of CVE-2020-1945",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5dfc77048b1f9db26622dce91a6edf083d499397256594952fad5f35%40%3Ccommits.myfaces.apache.org%3E"
},
{
"name": "[ant-dev] 20200930 [CVE-2020-11979] Apache Ant insecure temporary file vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E"
},
{
"name": "[announce] 20200930 [CVE-2020-11979] Apache Ant insecure temporary file vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb8ec556f176c83547b959150e2108e2ddf1d61224295941908b0a81f%40%3Cannounce.apache.org%3E"
},
{
"name": "[ant-user] 20200930 [CVE-2020-11979] Apache Ant insecure temporary file vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc89e491b5b270fb40f1210b70554527b737c217ad2e831b643ead6bc%40%3Cuser.ant.apache.org%3E"
},
{
"name": "[creadur-dev] 20200930 [jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf07feaf78afc8f701e21948a06ef92565d3dff1242d710f4fbf900b2%40%3Cdev.creadur.apache.org%3E"
},
{
"name": "[creadur-dev] 20200930 [jira] [Created] (RAT-274) Update to latest Ant in order to fix CVE-2020-11979",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1a9c992d7c8219dc15b4ad448649f0ffdaa88d76ef6a0035c49455f5%40%3Cdev.creadur.apache.org%3E"
},
{
"name": "[oss-security] 20200930 [CVE-2020-11979] Apache Ant insecure temporary file vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/09/30/6"
},
{
"name": "[creadur-dev] 20201006 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e%40%3Cdev.creadur.apache.org%3E"
},
{
"name": "[creadur-dev] 20201006 [jira] [Assigned] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490%40%3Cdev.creadur.apache.org%3E"
},
{
"name": "[creadur-dev] 20201006 [jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc%40%3Cdev.creadur.apache.org%3E"
},
{
"name": "[creadur-dev] 20201006 [jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0%40%3Cdev.creadur.apache.org%3E"
},
{
"name": "[creadur-dev] 20201006 [jira] [Resolved] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305%40%3Cdev.creadur.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "[hive-issues] 20201022 [jira] [Commented] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r3cea0f3da4f6d06d7afb6c0804da8e01773a0f50a09b8d9beb2cda65%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[groovy-notifications] 20201126 [jira] [Updated] (GROOVY-9552) Bump Ant versions to address: [CVE-2020-1945] Apache Ant insecure temporary file vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6030d34ceacd0098538425c5dac8251ffc7fd90b886942bc7ef87858%40%3Cnotifications.groovy.apache.org%3E"
},
{
"name": "[groovy-notifications] 20201126 [jira] [Comment Edited] (GROOVY-9552) Bump Ant versions to address: [CVE-2020-1945] Apache Ant insecure temporary file vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rce099751721c26a8166d8b6578293820832831a0b2cb8d93b8efa081%40%3Cnotifications.groovy.apache.org%3E"
},
{
"name": "[groovy-commits] 20201126 [groovy] branch GROOVY_2_4_X updated: GROOVY-9552: Bump Ant versions to address: [CVE-2020-1945] Apache Ant insecure temporary file vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6970d196cd73863dafdbc3a7052562deedd338e3bd7d73d8171d92d6%40%3Ccommits.groovy.apache.org%3E"
},
{
"name": "[groovy-users] 20201205 [SECURITY] CVE-2020-17521: Apache Groovy Information Disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cusers.groovy.apache.org%3E"
},
{
"name": "[groovy-dev] 20201205 [SECURITY] CVE-2020-17521: Apache Groovy Information Disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cdev.groovy.apache.org%3E"
},
{
"name": "[oss-security] 20201206 [CVE-2020-17521]: Apache Groovy Information Disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/12/06/1"
},
{
"name": "[announce] 20201205 [SECURITY] CVE-2020-17521: Apache Groovy Information Disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cannounce.apache.org%3E"
},
{
"name": "[groovy-notifications] 20201207 [jira] [Closed] (GROOVY-9824) CVE-2020-17521 Apache Groovy Information Disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465%40%3Cnotifications.groovy.apache.org%3E"
},
{
"name": "[myfaces-commits] 20201211 [myfaces-tobago] 02/22: update ant because of CVE-2020-1945",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb860063819b9c0990e1fbce29d83f4554766fe5a05e3b3939736bf2b%40%3Ccommits.myfaces.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"name": "[creadur-dev] 20210419 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c%40%3Cdev.creadur.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "[creadur-dev] 20210621 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a%40%3Cdev.creadur.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Ant",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "insecure temporary file vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-07T14:40:33",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "[creadur-dev] 20200518 [jira] [Created] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rda80ac59119558eaec452e58ddfac2ccc9211da1c65f7927682c78b1%40%3Cdev.creadur.apache.org%3E"
},
{
"name": "[creadur-commits] 20200518 [creadur-rat] 03/03: RAT-269: Update Apache ANT to fix CVE-2020-1945",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rfd346609527a79662c48b1da3ac500ec30f29f7ddaa3575051e81890%40%3Ccommits.creadur.apache.org%3E"
},
{
"name": "[creadur-commits] 20200518 [creadur-rat] branch master updated: RAT-269: Update Apache ANT to fix CVE-2020-1945",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re1ce84518d773a94a613d988771daf9252c9cf7375a9a477009f9735%40%3Ccommits.creadur.apache.org%3E"
},
{
"name": "[creadur-dev] 20200518 [jira] [Closed] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r95dc943e47a211d29df605e14f86c280fc9fa8d828b2b53bd07673c9%40%3Cdev.creadur.apache.org%3E"
},
{
"name": "[creadur-dev] 20200518 [jira] [Commented] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd7dda48ff835f4d0293949837d55541bfde3683bd35bd8431e324538%40%3Cdev.creadur.apache.org%3E"
},
{
"name": "[creadur-dev] 20200518 [jira] [Assigned] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r1863b9ce4c3e4b1e5b0c671ad05545ba3eb8399616aa746af5dfe1b1%40%3Cdev.creadur.apache.org%3E"
},
{
"name": "[groovy-notifications] 20200522 [jira] [Closed] (GROOVY-9552) Bump Ant versions to address: [CVE-2020-1945] Apache Ant insecure temporary file vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rdaa9c51d5dc6560c9d2b3f3d742c768ad0705e154041e574a0fae45c%40%3Cnotifications.groovy.apache.org%3E"
},
{
"name": "[hive-dev] 20200530 [jira] [Created] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r1b32c76afffcf676e13ed635a3332f3e46e6aaa7722eb3fc7a28f58e%40%3Cdev.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20200530 [jira] [Assigned] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r0d08a96ba9de8aa435f32944e8b2867c368a518d4ff57782e3637335%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20200530 [jira] [Updated] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r4b2904d64affd4266cd72ccb2fc3927c1c2f22009f183095aa46bf90%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20200530 [jira] [Commented] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6edd3e2cb79ee635630d891b54a4f1a9cd8c7f639d6ee34e75fbe830%40%3Cissues.hive.apache.org%3E"
},
{
"name": "USN-4380-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4380-1/"
},
{
"name": "FEDORA-2020-52741b0a49",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRVAWTCVXJMRYKQKEXYSNBF7NLSR6OEI/"
},
{
"name": "FEDORA-2020-7f07da3fef",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EQBR65TINSJRN7PTPIVNYS33P535WM74/"
},
{
"name": "[hive-issues] 20200621 [jira] [Commented] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r8e24abb7dd77cda14c6df90a377c94f0a413bbfcec90a29540ff8adf%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[creadur-dev] 20200703 [jira] [Commented] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2704fb14ce068c64759a986f81d5b5e42ab434fa13d0f444ad52816b%40%3Cdev.creadur.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/r8e592bbfc016a5dbe2a8c0e81ff99682b9c78c453621b82c14e7b75e%40%3Cdev.ant.apache.org%3E"
},
{
"name": "[db-torque-dev] 20200715 svn commit: r1879896 - in /db/torque/torque4/trunk: ./ torque-ant-tasks/ torque-ant-tasks/src/test/java/org/apache/torque/ant/task/ torque-generator/src/main/java/org/apache/torque/generator/control/ torque-generator/src/main/java/org/apache/torque/gen...",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6e295d792032ec02b32be3846c21a58857fba4a077d22c5842d69ba2%40%3Ctorque-dev.db.apache.org%3E"
},
{
"name": "openSUSE-SU-2020:1022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00053.html"
},
{
"name": "GLSA-202007-34",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202007-34"
},
{
"name": "[hive-issues] 20200804 [jira] [Commented] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r815f88d1044760176f30a4913b4baacd06f3eae4eb662de7388e46d8%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[myfaces-commits] 20200826 [myfaces-tobago] branch tobago-2.x updated: update ant because of CVE-2020-1945",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5dfc77048b1f9db26622dce91a6edf083d499397256594952fad5f35%40%3Ccommits.myfaces.apache.org%3E"
},
{
"name": "[ant-dev] 20200930 [CVE-2020-11979] Apache Ant insecure temporary file vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E"
},
{
"name": "[announce] 20200930 [CVE-2020-11979] Apache Ant insecure temporary file vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb8ec556f176c83547b959150e2108e2ddf1d61224295941908b0a81f%40%3Cannounce.apache.org%3E"
},
{
"name": "[ant-user] 20200930 [CVE-2020-11979] Apache Ant insecure temporary file vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc89e491b5b270fb40f1210b70554527b737c217ad2e831b643ead6bc%40%3Cuser.ant.apache.org%3E"
},
{
"name": "[creadur-dev] 20200930 [jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf07feaf78afc8f701e21948a06ef92565d3dff1242d710f4fbf900b2%40%3Cdev.creadur.apache.org%3E"
},
{
"name": "[creadur-dev] 20200930 [jira] [Created] (RAT-274) Update to latest Ant in order to fix CVE-2020-11979",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r1a9c992d7c8219dc15b4ad448649f0ffdaa88d76ef6a0035c49455f5%40%3Cdev.creadur.apache.org%3E"
},
{
"name": "[oss-security] 20200930 [CVE-2020-11979] Apache Ant insecure temporary file vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/09/30/6"
},
{
"name": "[creadur-dev] 20201006 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e%40%3Cdev.creadur.apache.org%3E"
},
{
"name": "[creadur-dev] 20201006 [jira] [Assigned] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490%40%3Cdev.creadur.apache.org%3E"
},
{
"name": "[creadur-dev] 20201006 [jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc%40%3Cdev.creadur.apache.org%3E"
},
{
"name": "[creadur-dev] 20201006 [jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0%40%3Cdev.creadur.apache.org%3E"
},
{
"name": "[creadur-dev] 20201006 [jira] [Resolved] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305%40%3Cdev.creadur.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "[hive-issues] 20201022 [jira] [Commented] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r3cea0f3da4f6d06d7afb6c0804da8e01773a0f50a09b8d9beb2cda65%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[groovy-notifications] 20201126 [jira] [Updated] (GROOVY-9552) Bump Ant versions to address: [CVE-2020-1945] Apache Ant insecure temporary file vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6030d34ceacd0098538425c5dac8251ffc7fd90b886942bc7ef87858%40%3Cnotifications.groovy.apache.org%3E"
},
{
"name": "[groovy-notifications] 20201126 [jira] [Comment Edited] (GROOVY-9552) Bump Ant versions to address: [CVE-2020-1945] Apache Ant insecure temporary file vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rce099751721c26a8166d8b6578293820832831a0b2cb8d93b8efa081%40%3Cnotifications.groovy.apache.org%3E"
},
{
"name": "[groovy-commits] 20201126 [groovy] branch GROOVY_2_4_X updated: GROOVY-9552: Bump Ant versions to address: [CVE-2020-1945] Apache Ant insecure temporary file vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6970d196cd73863dafdbc3a7052562deedd338e3bd7d73d8171d92d6%40%3Ccommits.groovy.apache.org%3E"
},
{
"name": "[groovy-users] 20201205 [SECURITY] CVE-2020-17521: Apache Groovy Information Disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cusers.groovy.apache.org%3E"
},
{
"name": "[groovy-dev] 20201205 [SECURITY] CVE-2020-17521: Apache Groovy Information Disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cdev.groovy.apache.org%3E"
},
{
"name": "[oss-security] 20201206 [CVE-2020-17521]: Apache Groovy Information Disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/12/06/1"
},
{
"name": "[announce] 20201205 [SECURITY] CVE-2020-17521: Apache Groovy Information Disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cannounce.apache.org%3E"
},
{
"name": "[groovy-notifications] 20201207 [jira] [Closed] (GROOVY-9824) CVE-2020-17521 Apache Groovy Information Disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465%40%3Cnotifications.groovy.apache.org%3E"
},
{
"name": "[myfaces-commits] 20201211 [myfaces-tobago] 02/22: update ant because of CVE-2020-1945",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb860063819b9c0990e1fbce29d83f4554766fe5a05e3b3939736bf2b%40%3Ccommits.myfaces.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"name": "[creadur-dev] 20210419 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c%40%3Cdev.creadur.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "[creadur-dev] 20210621 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a%40%3Cdev.creadur.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2020-1945",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Ant",
"version": {
"version_data": [
{
"version_value": "Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "insecure temporary file vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[creadur-dev] 20200518 [jira] [Created] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rda80ac59119558eaec452e58ddfac2ccc9211da1c65f7927682c78b1@%3Cdev.creadur.apache.org%3E"
},
{
"name": "[creadur-commits] 20200518 [creadur-rat] 03/03: RAT-269: Update Apache ANT to fix CVE-2020-1945",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rfd346609527a79662c48b1da3ac500ec30f29f7ddaa3575051e81890@%3Ccommits.creadur.apache.org%3E"
},
{
"name": "[creadur-commits] 20200518 [creadur-rat] branch master updated: RAT-269: Update Apache ANT to fix CVE-2020-1945",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re1ce84518d773a94a613d988771daf9252c9cf7375a9a477009f9735@%3Ccommits.creadur.apache.org%3E"
},
{
"name": "[creadur-dev] 20200518 [jira] [Closed] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r95dc943e47a211d29df605e14f86c280fc9fa8d828b2b53bd07673c9@%3Cdev.creadur.apache.org%3E"
},
{
"name": "[creadur-dev] 20200518 [jira] [Commented] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd7dda48ff835f4d0293949837d55541bfde3683bd35bd8431e324538@%3Cdev.creadur.apache.org%3E"
},
{
"name": "[creadur-dev] 20200518 [jira] [Assigned] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1863b9ce4c3e4b1e5b0c671ad05545ba3eb8399616aa746af5dfe1b1@%3Cdev.creadur.apache.org%3E"
},
{
"name": "[groovy-notifications] 20200522 [jira] [Closed] (GROOVY-9552) Bump Ant versions to address: [CVE-2020-1945] Apache Ant insecure temporary file vulnerability",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rdaa9c51d5dc6560c9d2b3f3d742c768ad0705e154041e574a0fae45c@%3Cnotifications.groovy.apache.org%3E"
},
{
"name": "[hive-dev] 20200530 [jira] [Created] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1b32c76afffcf676e13ed635a3332f3e46e6aaa7722eb3fc7a28f58e@%3Cdev.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20200530 [jira] [Assigned] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r0d08a96ba9de8aa435f32944e8b2867c368a518d4ff57782e3637335@%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20200530 [jira] [Updated] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4b2904d64affd4266cd72ccb2fc3927c1c2f22009f183095aa46bf90@%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20200530 [jira] [Commented] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6edd3e2cb79ee635630d891b54a4f1a9cd8c7f639d6ee34e75fbe830@%3Cissues.hive.apache.org%3E"
},
{
"name": "USN-4380-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4380-1/"
},
{
"name": "FEDORA-2020-52741b0a49",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRVAWTCVXJMRYKQKEXYSNBF7NLSR6OEI/"
},
{
"name": "FEDORA-2020-7f07da3fef",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EQBR65TINSJRN7PTPIVNYS33P535WM74/"
},
{
"name": "[hive-issues] 20200621 [jira] [Commented] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r8e24abb7dd77cda14c6df90a377c94f0a413bbfcec90a29540ff8adf@%3Cissues.hive.apache.org%3E"
},
{
"name": "[creadur-dev] 20200703 [jira] [Commented] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2704fb14ce068c64759a986f81d5b5e42ab434fa13d0f444ad52816b@%3Cdev.creadur.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://lists.apache.org/thread.html/r8e592bbfc016a5dbe2a8c0e81ff99682b9c78c453621b82c14e7b75e%40%3Cdev.ant.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r8e592bbfc016a5dbe2a8c0e81ff99682b9c78c453621b82c14e7b75e%40%3Cdev.ant.apache.org%3E"
},
{
"name": "[db-torque-dev] 20200715 svn commit: r1879896 - in /db/torque/torque4/trunk: ./ torque-ant-tasks/ torque-ant-tasks/src/test/java/org/apache/torque/ant/task/ torque-generator/src/main/java/org/apache/torque/generator/control/ torque-generator/src/main/java/org/apache/torque/gen...",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6e295d792032ec02b32be3846c21a58857fba4a077d22c5842d69ba2@%3Ctorque-dev.db.apache.org%3E"
},
{
"name": "openSUSE-SU-2020:1022",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00053.html"
},
{
"name": "GLSA-202007-34",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202007-34"
},
{
"name": "[hive-issues] 20200804 [jira] [Commented] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r815f88d1044760176f30a4913b4baacd06f3eae4eb662de7388e46d8@%3Cissues.hive.apache.org%3E"
},
{
"name": "[myfaces-commits] 20200826 [myfaces-tobago] branch tobago-2.x updated: update ant because of CVE-2020-1945",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5dfc77048b1f9db26622dce91a6edf083d499397256594952fad5f35@%3Ccommits.myfaces.apache.org%3E"
},
{
"name": "[ant-dev] 20200930 [CVE-2020-11979] Apache Ant insecure temporary file vulnerability",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea@%3Cdev.ant.apache.org%3E"
},
{
"name": "[announce] 20200930 [CVE-2020-11979] Apache Ant insecure temporary file vulnerability",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb8ec556f176c83547b959150e2108e2ddf1d61224295941908b0a81f@%3Cannounce.apache.org%3E"
},
{
"name": "[ant-user] 20200930 [CVE-2020-11979] Apache Ant insecure temporary file vulnerability",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc89e491b5b270fb40f1210b70554527b737c217ad2e831b643ead6bc@%3Cuser.ant.apache.org%3E"
},
{
"name": "[creadur-dev] 20200930 [jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf07feaf78afc8f701e21948a06ef92565d3dff1242d710f4fbf900b2@%3Cdev.creadur.apache.org%3E"
},
{
"name": "[creadur-dev] 20200930 [jira] [Created] (RAT-274) Update to latest Ant in order to fix CVE-2020-11979",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1a9c992d7c8219dc15b4ad448649f0ffdaa88d76ef6a0035c49455f5@%3Cdev.creadur.apache.org%3E"
},
{
"name": "[oss-security] 20200930 [CVE-2020-11979] Apache Ant insecure temporary file vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/09/30/6"
},
{
"name": "[creadur-dev] 20201006 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e@%3Cdev.creadur.apache.org%3E"
},
{
"name": "[creadur-dev] 20201006 [jira] [Assigned] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490@%3Cdev.creadur.apache.org%3E"
},
{
"name": "[creadur-dev] 20201006 [jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc@%3Cdev.creadur.apache.org%3E"
},
{
"name": "[creadur-dev] 20201006 [jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0@%3Cdev.creadur.apache.org%3E"
},
{
"name": "[creadur-dev] 20201006 [jira] [Resolved] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305@%3Cdev.creadur.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "[hive-issues] 20201022 [jira] [Commented] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r3cea0f3da4f6d06d7afb6c0804da8e01773a0f50a09b8d9beb2cda65@%3Cissues.hive.apache.org%3E"
},
{
"name": "[groovy-notifications] 20201126 [jira] [Updated] (GROOVY-9552) Bump Ant versions to address: [CVE-2020-1945] Apache Ant insecure temporary file vulnerability",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6030d34ceacd0098538425c5dac8251ffc7fd90b886942bc7ef87858@%3Cnotifications.groovy.apache.org%3E"
},
{
"name": "[groovy-notifications] 20201126 [jira] [Comment Edited] (GROOVY-9552) Bump Ant versions to address: [CVE-2020-1945] Apache Ant insecure temporary file vulnerability",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rce099751721c26a8166d8b6578293820832831a0b2cb8d93b8efa081@%3Cnotifications.groovy.apache.org%3E"
},
{
"name": "[groovy-commits] 20201126 [groovy] branch GROOVY_2_4_X updated: GROOVY-9552: Bump Ant versions to address: [CVE-2020-1945] Apache Ant insecure temporary file vulnerability",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6970d196cd73863dafdbc3a7052562deedd338e3bd7d73d8171d92d6@%3Ccommits.groovy.apache.org%3E"
},
{
"name": "[groovy-users] 20201205 [SECURITY] CVE-2020-17521: Apache Groovy Information Disclosure",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cusers.groovy.apache.org%3E"
},
{
"name": "[groovy-dev] 20201205 [SECURITY] CVE-2020-17521: Apache Groovy Information Disclosure",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cdev.groovy.apache.org%3E"
},
{
"name": "[oss-security] 20201206 [CVE-2020-17521]: Apache Groovy Information Disclosure",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/12/06/1"
},
{
"name": "[announce] 20201205 [SECURITY] CVE-2020-17521: Apache Groovy Information Disclosure",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cannounce.apache.org%3E"
},
{
"name": "[groovy-notifications] 20201207 [jira] [Closed] (GROOVY-9824) CVE-2020-17521 Apache Groovy Information Disclosure",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465@%3Cnotifications.groovy.apache.org%3E"
},
{
"name": "[myfaces-commits] 20201211 [myfaces-tobago] 02/22: update ant because of CVE-2020-1945",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb860063819b9c0990e1fbce29d83f4554766fe5a05e3b3939736bf2b@%3Ccommits.myfaces.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"name": "[creadur-dev] 20210419 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c@%3Cdev.creadur.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "[creadur-dev] 20210621 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a@%3Cdev.creadur.apache.org%3E"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2020-1945",
"datePublished": "2020-05-14T15:57:34",
"dateReserved": "2019-12-02T00:00:00",
"dateUpdated": "2024-08-04T06:54:00.377Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}