Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.
Metrics
Affected Vendors & Products
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.

Status: PUBLISHED
Assigner: apache
Published:
Updated: 2024-08-04T06:54:00.377Z
Reserved: 2019-12-02T00:00:00
Link: CVE-2020-1945

No data.

Status : Modified
Published: 2020-05-14T16:15:12.767
Modified: 2024-11-21T05:11:42.183
Link: CVE-2020-1945


No data.