Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2020-05-14T15:57:34
Updated: 2024-08-04T06:54:00.377Z
Reserved: 2019-12-02T00:00:00
Link: CVE-2020-1945
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-05-14T16:15:12.767
Modified: 2024-11-21T05:11:42.183
Link: CVE-2020-1945
Redhat