Lucene search

K
osvGoogleOSV:GHSA-4P6W-M9WC-C9C9
HistorySep 14, 2020 - 6:13 p.m.

Sensitive Data Exposure in Apache Ant

2020-09-1418:13:29
Google
osv.dev
43
apache ant
sensitive data exposure
default temporary directory
java system property
fixcrlf task
replaceregexp task
modified source files

EPSS

0.001

Percentile

32.8%

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.

References