Vulnerability in Apache Ant
CVE-2020-1945
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also co…
EPSS: 0.019 (76.4th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N.
Affected products
- Apache Ant
- Oracle Agile_engineering_data_management — versions 6.2.1.0
- Oracle Banking_enterprise_collections
- Oracle Banking_liquidity_management
- Oracle Banking_platform
- Oracle Business_process_management_suite — versions 12.2.1.3.0, 12.2.1.4.0
- Oracle Category_management_planning_\&_optimization — versions 15.0.3
- Oracle Communications_asap — versions 7.3
- Oracle Communications_diameter_signaling_router
- Oracle Communications_metasolv_solution — versions 6.3.0
Weakness classification (CWE)
References
- security@apache.org (mailing-list, x_refsource_MLIST)
- security@apache.org (mailing-list, x_refsource_MLIST)
- security@apache.org (mailing-list, x_refsource_MLIST)
- security@apache.org (mailing-list, x_refsource_MLIST)
- security@apache.org (mailing-list, x_refsource_MLIST)
- security@apache.org (mailing-list, x_refsource_MLIST)
- security@apache.org (mailing-list, x_refsource_MLIST)
- security@apache.org (mailing-list, x_refsource_MLIST)
- security@apache.org (mailing-list, x_refsource_MLIST)
- security@apache.org (mailing-list, x_refsource_MLIST)
Frequently asked questions
- What is CVE-2020-1945?
- CVE-2020-1945 is a medium-severity vulnerability in Apache Ant, classified under Exposure of Resource to Wrong Sphere. CVSS score: 6.3/10. Published 2020-05-14.
- How severe is CVE-2020-1945?
- Medium severity. CVSS v3 base score is 6.3 out of 10.