ant

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Java based build tool
Version 1.10.15-1 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-2151 1.10.10-1 1.10.11-1 Low Fixed
AVG-1312 1.10.8-1 1.10.9-1 Medium Fixed
AVG-1159 1.10.7-1 1.10.8-1 Medium Fixed
Issue Group Severity Remote Type Description
CVE-2021-36374 AVG-2151 Low No Denial of service
When reading a specially crafted ZIP archive, or a derived format, Apache Ant before version 1.10.11 can be made to allocate large amounts of memory that...
CVE-2021-36373 AVG-2151 Low No Denial of service
When reading a specially crafted TAR archive, Apache Ant before version 1.10.11 can be made to allocate large amounts of memory that finally leads to an out...
CVE-2020-11979 AVG-1312 Medium No Arbitrary code execution
As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access...
CVE-2020-1945 AVG-1159 Medium No Arbitrary command execution
Apache Ant uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive...

Advisories

Date Advisory Group Severity Type
20 Jul 2021 ASA-202107-43 AVG-2151 Low denial of service
05 Dec 2020 ASA-202012-5 AVG-1312 Medium arbitrary code execution
20 May 2020 ASA-202005-15 AVG-1159 Medium arbitrary command execution