Closed
Created May 15, 2020 by Emily (@emily)

user/ant: CVE-2020-1945: insecure temporary file use

Bugzilla ID: 288
Alias(es): CVE-2020-11979, CVE-2020-1945
Reporter: Max Rees (sroracle)
Assignee: Alyx Wolcott
Reported: 2020-05-15 17:03:51 -0500
Modified: 2020-10-26 20:18:38 -0500
Status: IN_PROGRESS
Version: 1.0-RC1
Hardware: Adélie Linux / All
Importance: --- / normal
Package(s): user/ant
URL: https://nvd.nist.gov/vuln/detail/CVE-2020-1945

Description

CVE-2020-1945: https://nvd.nist.gov/vuln/detail/CVE-2020-1945

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default
temporary directory identified by the Java system property
java.io.tmpdir for several tasks and may thus leak sensitive
information. The fixcrlf and replaceregexp tasks also copy files from
the temporary directory back into the build tree allowing an attacker
to inject modified source files into the build process.

https://www.openwall.com/lists/oss-security/2020/05/13/1
http://ant.apache.org/security.html
Fixed in >= 1.10.8

Edited Nov 04, 2021 by Zach van Rijn
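
A hardened form of the rewrite-through-a-temp-file pattern that the CVE description warns about, added here as an illustration; it is not Apache Ant's code or its actual fix. The class name PrivateTempRewrite and the sample file are hypothetical, and a POSIX file system is assumed.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Set;

// Added illustration (hypothetical class, not Apache Ant code). Assumes a POSIX file system.
public class PrivateTempRewrite {
    // Owner-only mode, applied atomically when the temp file is created.
    private static final FileAttribute<Set<PosixFilePermission>> OWNER_ONLY =
        PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------"));

    // Normalise CRLF to LF in `target` through a temp file other local users cannot touch.
    static void rewrite(Path target) throws IOException {
        Path dir = target.toAbsolutePath().getParent();
        Set<PosixFilePermission> original = Files.getPosixFilePermissions(target);
        // The temp file is created beside the target, not in the shared java.io.tmpdir.
        Path tmp = Files.createTempFile(dir, ".rewrite-", ".tmp", OWNER_ONLY);
        try {
            String text = new String(Files.readAllBytes(target), StandardCharsets.UTF_8);
            Files.write(tmp, text.replace("\r\n", "\n").getBytes(StandardCharsets.UTF_8));
            // Restore the target's mode only once the content is final, then swap it in.
            Files.setPosixFilePermissions(tmp, original);
            // On POSIX this is rename(2), which replaces the existing target in one step.
            Files.move(tmp, target, StandardCopyOption.ATOMIC_MOVE);
        } finally {
            Files.deleteIfExists(tmp); // no-op after a successful move
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: a private scratch directory standing in for a build tree.
        Path tree = Files.createTempDirectory("build-tree-");
        Path src = tree.resolve("Hello.java");
        Files.write(src, "class Hello {}\r\n".getBytes(StandardCharsets.UTF_8));
        rewrite(src);
        String out = new String(Files.readAllBytes(src), StandardCharsets.UTF_8);
        System.out.println(out.contains("\r") ? "CRLF left" : "LF only");
        Files.delete(src);
        Files.delete(tree);
    }
}
```

The legacy `java.io.File.createTempFile` call places files in `java.io.tmpdir` with umask-derived permissions, which is why the intermediate copy can be read or replaced by another local user on a shared host.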