VDB
RHSA-2020%3A2618
RHSA-2020%3A2618
PUBLISHED
CVSS 6.300000190734863 MEDIUM
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.
Risk Scores
CVSS 3.1
6.300000190734863
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat AMQ Streams 1.5.0 |
Timeline
- Jun 19, 2020 CVE Published
- Mar 18, 2026 CVE Updated
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2020:2618 advisory
- https://access.redhat.com/security/updates/classification/#moderate advisory
- https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.amq.streams&downloadType=distributions&version=1.5.0 advisory
- https://access.redhat.com/products/red-hat-amq#streams advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1816216 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1837444 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_2618.json advisory
- https://access.redhat.com/security/cve/CVE-2020-1945 advisory
- https://www.cve.org/CVERecord?id=CVE-2020-1945 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2020-1945 advisory
- https://access.redhat.com/security/cve/CVE-2020-11612 advisory
- https://www.cve.org/CVERecord?id=CVE-2020-11612 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2020-11612 advisory