GHSA-4p6w-m9wc-c9c9

Source

https://github.com/advisories/GHSA-4p6w-m9wc-c9c9

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/09/GHSA-4p6w-m9wc-c9c9/GHSA-4p6w-m9wc-c9c9.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-4p6w-m9wc-c9c9

Aliases

CVE-2020-1945

Published

2020-09-14T18:13:29Z

Modified

2024-03-15T05:36:14.710154Z

Severity

6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

Sensitive Data Exposure in Apache Ant

Details

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.

References

Affected packages

Maven / org.apache.ant:ant

Package

Name: org.apache.ant:ant; View open source insights on deps.dev
Purl: pkg:maven/org.apache.ant/ant

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.1

Fixed

1.9.15

Affected versions

1.*

1.7.0

1.7.1

1.8.0

1.8.1

1.8.2

1.8.3

1.8.4

1.9.0

1.9.1

1.9.2

1.9.3

1.9.4

1.9.5

1.9.6

1.9.7

1.9.8

1.9.9

1.9.10

1.9.11

1.9.12

1.9.13

1.9.14

Maven / org.apache.ant:ant

Package

Name: org.apache.ant:ant; View open source insights on deps.dev
Purl: pkg:maven/org.apache.ant/ant

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.10.0

Fixed

1.10.8

Affected versions

1.*

1.10.0

1.10.1

1.10.2

1.10.3

1.10.4

1.10.5

1.10.6

1.10.7