CVE-2020-1945

ADVISORY - github

Summary

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 use the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree, allowing an attacker to inject modified source files into the build process.
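
A build-host triage check for the condition described in the summary, added here as an example and not taken from the advisory or from Apache Ant. The function names, the sample `ant -version` line and the POSIX permission heuristic are assumptions of this example; the version ranges are the ones stated above.

```python
import os
import re
import stat

# Affected version ranges exactly as the summary states them (inclusive).
AFFECTED_RANGES = [((1, 1, 0), (1, 9, 14)), ((1, 10, 0), (1, 10, 7))]

# Constructed sample of `ant -version` output, used when run as a script.
SAMPLE_VERSION_LINE = "Apache Ant(TM) version 1.10.7 compiled on September 1 2019"


def parse_version(text):
    """Return the first dotted version in text as a 3-part integer tuple."""
    match = re.search(r"\d+(?:\.\d+)+", text)
    if match is None:
        raise ValueError(f"no version number in {text!r}")
    parts = [int(p) for p in match.group(0).split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))  # "1.1" -> (1, 1, 0)


def is_affected(version_text):
    """True if the version falls inside a range listed in the summary."""
    version = parse_version(version_text)
    return any(low <= version <= high for low, high in AFFECTED_RANGES)


def tmpdir_is_private(path):
    """Heuristic (POSIX): directory owned by us with no group/other access."""
    info = os.stat(path)
    return (stat.S_ISDIR(info.st_mode)
            and info.st_uid == os.getuid()
            and (info.st_mode & 0o077) == 0)


def assess(version_text, tmpdir):
    """Classify one build host: version range first, then tmpdir exposure."""
    if not is_affected(version_text):
        return "version outside the affected ranges"
    if tmpdir_is_private(tmpdir):
        return "affected version, temporary directory is private"
    return "affected version, temporary directory is shared"


if __name__ == "__main__":
    import tempfile
    # tempfile.gettempdir() stands in for the JVM's java.io.tmpdir default.
    print(assess(SAMPLE_VERSION_LINE, tempfile.gettempdir()))
```

Pointing java.io.tmpdir at a directory that passes tmpdir_is_private, for instance with -Djava.io.tmpdir in ANT_OPTS, keeps the temporary files of these tasks out of reach of other local users.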

EPSS Score: 0.00021 (0.041)

Common Weakness Enumeration (CWE)

ADVISORY - nist

Exposure of Resource to Wrong Sphere

ADVISORY - github

Exposure of Sensitive Information to an Unauthorized Actor

Exposure of Resource to Wrong Sphere

ADVISORY - gitlab

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

Exposure of Resource to Wrong Sphere

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

Insecure Temporary File
