GHSA-4p6w-m9wc-c9c9

Suggest an improvement
Source
https://github.com/advisories/GHSA-4p6w-m9wc-c9c9
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/09/GHSA-4p6w-m9wc-c9c9/GHSA-4p6w-m9wc-c9c9.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-4p6w-m9wc-c9c9
Aliases
Published
2020-09-14T18:13:29Z
Modified
2024-03-15T05:36:14.710154Z
Severity
  • 6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
Sensitive Data Exposure in Apache Ant
Details

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.

Database specific
{
    "nvd_published_at": "2020-05-14T16:15:00Z",
    "cwe_ids": [
        "CWE-200",
        "CWE-668"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2020-09-14T18:12:46Z"
}
References

Affected packages

Maven / org.apache.ant:ant

Package

Name
org.apache.ant:ant
View open source insights on deps.dev
Purl
pkg:maven/org.apache.ant/ant

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.1
Fixed
1.9.15

Affected versions

1.*

1.7.0
1.7.1
1.8.0
1.8.1
1.8.2
1.8.3
1.8.4
1.9.0
1.9.1
1.9.2
1.9.3
1.9.4
1.9.5
1.9.6
1.9.7
1.9.8
1.9.9
1.9.10
1.9.11
1.9.12
1.9.13
1.9.14

Maven / org.apache.ant:ant

Package

Name
org.apache.ant:ant
View open source insights on deps.dev
Purl
pkg:maven/org.apache.ant/ant

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.10.0
Fixed
1.10.8

Affected versions

1.*

1.10.0
1.10.1
1.10.2
1.10.3
1.10.4
1.10.5
1.10.6
1.10.7