Lucene search

K

Apache Ant Security Vulnerabilities

cve
cve

CVE-2022-46751

Improper Restriction of XML External Entity Reference, XML Injection (aka Blind XPath Injection) vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy...

8.2CVSS

8.2AI Score

0.001EPSS

2023-08-21 07:15 AM
2538
cve
cve

CVE-2023-22602

When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot < 2.6 default to Ant....

7.5CVSS

7.5AI Score

0.004EPSS

2023-01-14 10:15 AM
112
cve
cve

CVE-2021-36374

When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives.....

5.5CVSS

5.7AI Score

0.001EPSS

2021-07-14 07:15 AM
497
11
cve
cve

CVE-2021-36373

When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were...

5.5CVSS

5.9AI Score

0.001EPSS

2021-07-14 07:15 AM
189
9
cve
cve

CVE-2020-11979

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the...

7.5CVSS

6.9AI Score

0.002EPSS

2020-10-01 08:15 PM
222
3
cve
cve

CVE-2020-1945

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build...

6.3CVSS

6.8AI Score

0.001EPSS

2020-05-14 04:15 PM
354
5