org.apache.ant:ant

Maven4 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting org.apache.ant:antpage 1 of 1

CVE-2020-11979HIGHCVSS 7.5EG 7.5✓ Fixed in 1.10.9
2020-10-01
vulnerable: 1.10.0 ... 1.9.9 (33 versions)
As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new o…
CVE-2020-1945MEDIUMCVSS 6.3EG 6.3✓ Fixed in 1.10.8
2020-05-14
vulnerable: 1.10.0 ... 1.10.7 (8 versions)
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also co…
CVE-2021-36373MEDIUMCVSS 5.5EG 5.5✓ Fixed in 1.10.11
2021-07-14
vulnerable: 1.10.0 ... 1.10.9 (11 versions)
When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apac…
CVE-2021-36374MEDIUMCVSS 5.5EG 5.5✓ Fixed in 1.10.11
2021-07-14
vulnerable: 1.10.0 ... 1.10.9 (11 versions)
When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using A…

Check whether org.apache.ant:ant is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.apache.ant:ant CVEs against the assets you own.

Start Free Scan →