Vulnerability Details : CVE-2020-1945
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.
Products affected by CVE-2020-1945
- cpe:2.3:a:apache:ant:*:*:*:*:*:*:*:*
- cpe:2.3:a:apache:ant:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:timesten_in-memory_database:11.2.2.8.49:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_integration_bus:14.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_integration_bus:15.0.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_integration_bus:16.0.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_integration_bus:19.0.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
- Oracle » Health Sciences Information ManagerVersions from including (>=) 3.0 and up to, including, (<=) 3.0.2cpe:2.3:a:oracle:health_sciences_information_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_service_backbone:15.0.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_service_backbone:16.0.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_service_backbone:19.0.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_store_inventory_management:14.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_store_inventory_management:16.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_store_inventory_management:15.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:flexcube_investor_servicing:14.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:flexcube_investor_servicing:14.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_point-of-service:14.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_point-of-service:15.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_point-of-service:16.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*
- Oracle » Financial Services Analytical Applications InfrastructureVersions from including (>=) 8.0.6 and up to, including, (<=) 8.1.0cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_order_and_service_management:7.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_order_and_service_management:7.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_bulk_data_integration:16.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_bulk_data_integration:15.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_bulk_data_integration:19.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
- Oracle » Communications Diameter Signaling RouterVersions from including (>=) 8.0.0 and up to, including, (<=) 8.2.2cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_predictive_application_server:14.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_assortment_planning:15.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_assortment_planning:16.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*
- Oracle » Utilities FrameworkVersions from including (>=) 4.3.0.1.0 and up to, including, (<=) 4.3.0.6.0cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:utilities_framework:2.2.0.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_financial_integration:15.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_financial_integration:16.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_financial_integration:15.0.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_financial_integration:16.0.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_metasolv_solution:6.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:real-time_decision_server:3.2.1.0:*:*:*:*:*:*:*
- Oracle » Banking Enterprise CollectionsVersions from including (>=) 2.7.0 and up to, including, (<=) 2.9.0cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:*
- Oracle » Banking Liquidity ManagementVersions from including (>=) 14.0.0 and up to, including, (<=) 14.4.0cpe:2.3:a:oracle:banking_liquidity_management:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_advanced_inventory_planning:14.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_advanced_inventory_planning:15.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_advanced_inventory_planning:16.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:category_management_planning_\&_optimization:15.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_asap:7.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_data_extractor_for_merchandising:1.9:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_data_extractor_for_merchandising:1.10:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_item_planning:15.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_macro_space_optimization:15.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_merchandise_financial_planning:15.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_regular_price_optimization:15.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_regular_price_optimization:16.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_replenishment_optimization:15.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_size_profile_optimization:15.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_size_profile_optimization:16.0.3:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-1945
0.02%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 3 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-1945
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
3.3
|
LOW | AV:L/AC:M/Au:N/C:P/I:P/A:N |
3.4
|
4.9
|
NIST | |
|
6.3
|
MEDIUM | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N |
1.0
|
5.2
|
NIST |
CWE ids for CVE-2020-1945
-
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-1945
-
https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc@%3Cdev.creadur.apache.org%3E
[jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 - Pony MailMailing List;Vendor Advisory
-
https://lists.apache.org/thread.html/r1a9c992d7c8219dc15b4ad448649f0ffdaa88d76ef6a0035c49455f5@%3Cdev.creadur.apache.org%3E
[jira] [Created] (RAT-274) Update to latest Ant in order to fix CVE-2020-11979 - Pony MailMailing List;Vendor Advisory
-
https://lists.apache.org/thread.html/rc89e491b5b270fb40f1210b70554527b737c217ad2e831b643ead6bc@%3Cuser.ant.apache.org%3E
[CVE-2020-11979] Apache Ant insecure temporary file vulnerability - Pony MailMailing List;Vendor Advisory
-
https://lists.apache.org/thread.html/r6970d196cd73863dafdbc3a7052562deedd338e3bd7d73d8171d92d6@%3Ccommits.groovy.apache.org%3E
Pony Mail!Mailing List;Patch;Vendor Advisory
-
https://www.oracle.com/security-alerts/cpuoct2020.html
Oracle Critical Patch Update Advisory - October 2020Patch;Third Party Advisory
-
https://lists.apache.org/thread.html/rfd346609527a79662c48b1da3ac500ec30f29f7ddaa3575051e81890@%3Ccommits.creadur.apache.org%3E
[creadur-rat] 03/03: RAT-269: Update Apache ANT to fix CVE-2020-1945 - Pony MailPatch;Vendor Advisory
-
http://www.openwall.com/lists/oss-security/2020/09/30/6
oss-security - [CVE-2020-11979] Apache Ant insecure temporary file vulnerabilityMailing List;Third Party Advisory
-
https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e@%3Cdev.creadur.apache.org%3E
[jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 - Pony MailMailing List;Vendor Advisory
-
https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cdev.groovy.apache.org%3E
[SECURITY] CVE-2020-17521: Apache Groovy Information Disclosure - Pony MailMailing List;Vendor Advisory
-
https://lists.apache.org/thread.html/rda80ac59119558eaec452e58ddfac2ccc9211da1c65f7927682c78b1@%3Cdev.creadur.apache.org%3E
[jira] [Created] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT - Pony MailMitigation;Vendor Advisory
-
https://www.oracle.com/security-alerts/cpujul2020.html
Oracle Critical Patch Update Advisory - July 2020Patch;Third Party Advisory
-
https://lists.apache.org/thread.html/rdaa9c51d5dc6560c9d2b3f3d742c768ad0705e154041e574a0fae45c@%3Cnotifications.groovy.apache.org%3E
[jira] [Closed] (GROOVY-9552) Bump Ant versions to address: [CVE-2020-1945] Apache Ant insecure temporary file vulnerability - Pony MailMailing List;Vendor Advisory
-
https://lists.apache.org/thread.html/r815f88d1044760176f30a4913b4baacd06f3eae4eb662de7388e46d8@%3Cissues.hive.apache.org%3E
Pony Mail!Mailing List;Vendor Advisory
-
https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0@%3Cdev.creadur.apache.org%3E
[jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8 - Pony MailMailing List;Vendor Advisory
-
https://lists.apache.org/thread.html/r1863b9ce4c3e4b1e5b0c671ad05545ba3eb8399616aa746af5dfe1b1@%3Cdev.creadur.apache.org%3E
[jira] [Assigned] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT - Pony MailMailing List;Mitigation;Patch;Vendor Advisory
-
https://www.oracle.com//security-alerts/cpujul2021.html
Oracle Critical Patch Update Advisory - July 2021Patch;Third Party Advisory
-
https://www.oracle.com/security-alerts/cpujan2022.html
Oracle Critical Patch Update Advisory - January 2022Patch;Third Party Advisory
-
https://lists.apache.org/thread.html/r95dc943e47a211d29df605e14f86c280fc9fa8d828b2b53bd07673c9@%3Cdev.creadur.apache.org%3E
[jira] [Closed] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT - Pony MailMailing List;Mitigation;Patch;Vendor Advisory
-
https://lists.apache.org/thread.html/r6e295d792032ec02b32be3846c21a58857fba4a077d22c5842d69ba2@%3Ctorque-dev.db.apache.org%3E
svn commit: r1879896 - in /db/torque/torque4/trunk: ./ torque-ant-tasks/ torque-ant-tasks/src/test/java/org/apache/torque/ant/task/ torque-generator/src/main/java/org/apache/torque/generator/control/Mailing List;Patch;Vendor Advisory
-
https://lists.apache.org/thread.html/rb860063819b9c0990e1fbce29d83f4554766fe5a05e3b3939736bf2b@%3Ccommits.myfaces.apache.org%3E
[myfaces-tobago] 02/22: update ant because of CVE-2020-1945 - Pony MailMailing List;Patch;Vendor Advisory
-
https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea@%3Cdev.ant.apache.org%3E
Pony Mail!Mailing List;Vendor Advisory
-
https://lists.apache.org/thread.html/r8e24abb7dd77cda14c6df90a377c94f0a413bbfcec90a29540ff8adf@%3Cissues.hive.apache.org%3E
[jira] [Commented] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT - Pony MailMailing List;Vendor Advisory
-
https://lists.apache.org/thread.html/re1ce84518d773a94a613d988771daf9252c9cf7375a9a477009f9735@%3Ccommits.creadur.apache.org%3E
[creadur-rat] branch master updated: RAT-269: Update Apache ANT to fix CVE-2020-1945 - Pony MailMailing List;Patch;Vendor Advisory
-
https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c@%3Cdev.creadur.apache.org%3E
[jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8 - Pony MailMailing List;Vendor Advisory
-
https://lists.apache.org/thread.html/r8e592bbfc016a5dbe2a8c0e81ff99682b9c78c453621b82c14e7b75e%40%3Cdev.ant.apache.org%3E
[CVE-2020-1945] Apache Ant insecure temporary file vulnerability - Pony MailMailing List;Vendor Advisory
-
https://www.oracle.com/security-alerts/cpujan2021.html
Oracle Critical Patch Update Advisory - January 2021Patch;Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2020/12/06/1
oss-security - [CVE-2020-17521]: Apache Groovy Information DisclosureMailing List;Third Party Advisory
-
https://www.oracle.com/security-alerts/cpuApr2021.html
Oracle Critical Patch Update Advisory - April 2021Patch;Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRVAWTCVXJMRYKQKEXYSNBF7NLSR6OEI/
[SECURITY] Fedora 31 Update: ant-1.10.8-1.fc31 - package-announce - Fedora Mailing-ListsMailing List;Vendor Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00053.html
[security-announce] openSUSE-SU-2020:1022-1: moderate: Security update fMailing List;Third Party Advisory
-
https://lists.apache.org/thread.html/r5dfc77048b1f9db26622dce91a6edf083d499397256594952fad5f35@%3Ccommits.myfaces.apache.org%3E
Pony Mail!Mailing List;Patch;Vendor Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EQBR65TINSJRN7PTPIVNYS33P535WM74/
[SECURITY] Fedora 32 Update: ant-1.10.8-1.fc32 - package-announce - Fedora Mailing-ListsMailing List;Vendor Advisory
-
https://lists.apache.org/thread.html/r0d08a96ba9de8aa435f32944e8b2867c368a518d4ff57782e3637335@%3Cissues.hive.apache.org%3E
[jira] [Assigned] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT - Pony MailMailing List;Vendor Advisory
-
https://lists.apache.org/thread.html/r6edd3e2cb79ee635630d891b54a4f1a9cd8c7f639d6ee34e75fbe830@%3Cissues.hive.apache.org%3E
[jira] [Commented] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT - Pony MailMailing List;Vendor Advisory
-
https://lists.apache.org/thread.html/r4b2904d64affd4266cd72ccb2fc3927c1c2f22009f183095aa46bf90@%3Cissues.hive.apache.org%3E
[jira] [Updated] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT - Pony MailMailing List;Vendor Advisory
-
https://lists.apache.org/thread.html/r1b32c76afffcf676e13ed635a3332f3e46e6aaa7722eb3fc7a28f58e@%3Cdev.hive.apache.org%3E
[jira] [Created] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT - Pony MailMailing List;Vendor Advisory
-
https://security.gentoo.org/glsa/202007-34
Apache Ant: Multiple vulnerabilities (GLSA 202007-34) — Gentoo securityThird Party Advisory
-
https://lists.apache.org/thread.html/rb8ec556f176c83547b959150e2108e2ddf1d61224295941908b0a81f@%3Cannounce.apache.org%3E
[CVE-2020-11979] Apache Ant insecure temporary file vulnerability - Pony MailMailing List;Vendor Advisory
-
https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490@%3Cdev.creadur.apache.org%3E
[jira] [Assigned] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 - Pony MailMailing List;Vendor Advisory
-
https://www.oracle.com/security-alerts/cpuoct2021.html
Oracle Critical Patch Update Advisory - October 2021Patch;Third Party Advisory
-
https://lists.apache.org/thread.html/rd7dda48ff835f4d0293949837d55541bfde3683bd35bd8431e324538@%3Cdev.creadur.apache.org%3E
[jira] [Commented] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT - Pony MailMailing List;Mitigation;Patch;Vendor Advisory
-
https://lists.apache.org/thread.html/r6030d34ceacd0098538425c5dac8251ffc7fd90b886942bc7ef87858@%3Cnotifications.groovy.apache.org%3E
Pony Mail!Mailing List;Vendor Advisory
-
https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cannounce.apache.org%3E
Mailing List;Vendor Advisory
-
https://lists.apache.org/thread.html/r3cea0f3da4f6d06d7afb6c0804da8e01773a0f50a09b8d9beb2cda65@%3Cissues.hive.apache.org%3E
[jira] [Commented] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT - Pony MailMailing List;Vendor Advisory
-
https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465@%3Cnotifications.groovy.apache.org%3E
Mailing List;Vendor Advisory
-
https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cusers.groovy.apache.org%3E
[SECURITY] CVE-2020-17521: Apache Groovy Information Disclosure - Pony MailMailing List;Vendor Advisory
-
https://usn.ubuntu.com/4380-1/
USN-4380-1: Apache Ant vulnerability | Ubuntu security noticesMailing List;Vendor Advisory
-
https://lists.apache.org/thread.html/r2704fb14ce068c64759a986f81d5b5e42ab434fa13d0f444ad52816b@%3Cdev.creadur.apache.org%3E
[jira] [Commented] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT - Pony MailMailing List;Vendor Advisory
-
https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a@%3Cdev.creadur.apache.org%3E
[jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8 - Pony MailMailing List;Vendor Advisory
-
https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305@%3Cdev.creadur.apache.org%3E
Pony Mail!Mailing List;Vendor Advisory
-
https://lists.apache.org/thread.html/rf07feaf78afc8f701e21948a06ef92565d3dff1242d710f4fbf900b2@%3Cdev.creadur.apache.org%3E
Pony Mail!Mailing List;Vendor Advisory
-
https://lists.apache.org/thread.html/rce099751721c26a8166d8b6578293820832831a0b2cb8d93b8efa081@%3Cnotifications.groovy.apache.org%3E
Pony Mail!Mailing List;Vendor Advisory
Jump to