mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
a87c8c972e
Committer: Bill Situ <Bill.Situ@.oracle.com> On branch cna/Oracle/CPU2022Jan3rd Changes to be committed: modified: 2013/6xxx/CVE-2013-6440.json modified: 2016/7xxx/CVE-2016-7103.json modified: 2017/5xxx/CVE-2017-5645.json modified: 2018/11xxx/CVE-2018-11771.json modified: 2018/1xxx/CVE-2018-1311.json modified: 2018/1xxx/CVE-2018-1324.json modified: 2019/10xxx/CVE-2019-10086.json modified: 2019/10xxx/CVE-2019-10219.json modified: 2019/11xxx/CVE-2019-11358.json modified: 2019/13xxx/CVE-2019-13734.json modified: 2019/17xxx/CVE-2019-17091.json modified: 2019/17xxx/CVE-2019-17195.json modified: 2019/17xxx/CVE-2019-17495.json modified: 2019/17xxx/CVE-2019-17566.json modified: 2020/10xxx/CVE-2020-10543.json modified: 2020/10xxx/CVE-2020-10683.json modified: 2020/10xxx/CVE-2020-10878.json modified: 2020/11xxx/CVE-2020-11022.json modified: 2020/11xxx/CVE-2020-11023.json modified: 2020/11xxx/CVE-2020-11979.json modified: 2020/11xxx/CVE-2020-11987.json modified: 2020/12xxx/CVE-2020-12723.json modified: 2020/13xxx/CVE-2020-13817.json modified: 2020/13xxx/CVE-2020-13934.json modified: 2020/13xxx/CVE-2020-13935.json modified: 2020/13xxx/CVE-2020-13936.json modified: 2020/13xxx/CVE-2020-13949.json modified: 2020/13xxx/CVE-2020-13956.json modified: 2020/14xxx/CVE-2020-14340.json modified: 2020/15xxx/CVE-2020-15824.json modified: 2020/17xxx/CVE-2020-17521.json modified: 2020/17xxx/CVE-2020-17527.json modified: 2020/17xxx/CVE-2020-17530.json modified: 2020/1xxx/CVE-2020-1945.json modified: 2020/1xxx/CVE-2020-1963.json modified: 2020/24xxx/CVE-2020-24616.json modified: 2020/24xxx/CVE-2020-24750.json modified: 2020/25xxx/CVE-2020-25649.json modified: 2020/26xxx/CVE-2020-26217.json modified: 2020/27xxx/CVE-2020-27216.json modified: 2020/27xxx/CVE-2020-27618.json modified: 2020/28xxx/CVE-2020-28052.json modified: 2020/28xxx/CVE-2020-28469.json modified: 2020/28xxx/CVE-2020-28500.json modified: 2020/29xxx/CVE-2020-29582.json modified: 2020/35xxx/CVE-2020-35490.json modified: 2020/35xxx/CVE-2020-35491.json modified: 2020/35xxx/CVE-2020-35728.json modified: 2020/36xxx/CVE-2020-36179.json modified: 2020/36xxx/CVE-2020-36180.json modified: 2020/36xxx/CVE-2020-36181.json modified: 2020/36xxx/CVE-2020-36182.json modified: 2020/36xxx/CVE-2020-36183.json modified: 2020/36xxx/CVE-2020-36184.json modified: 2020/36xxx/CVE-2020-36185.json modified: 2020/36xxx/CVE-2020-36186.json modified: 2020/36xxx/CVE-2020-36187.json modified: 2020/36xxx/CVE-2020-36188.json modified: 2020/36xxx/CVE-2020-36189.json modified: 2020/5xxx/CVE-2020-5258.json modified: 2020/5xxx/CVE-2020-5421.json modified: 2020/6xxx/CVE-2020-6950.json modified: 2020/7xxx/CVE-2020-7712.json modified: 2020/8xxx/CVE-2020-8177.json modified: 2020/8xxx/CVE-2020-8203.json modified: 2020/8xxx/CVE-2020-8284.json modified: 2020/8xxx/CVE-2020-8285.json modified: 2020/8xxx/CVE-2020-8554.json modified: 2020/8xxx/CVE-2020-8908.json modified: 2020/9xxx/CVE-2020-9281.json modified: 2020/9xxx/CVE-2020-9484.json modified: 2021/20xxx/CVE-2021-20718.json modified: 2021/21xxx/CVE-2021-21341.json modified: 2021/21xxx/CVE-2021-21342.json modified: 2021/21xxx/CVE-2021-21343.json modified: 2021/21xxx/CVE-2021-21344.json modified: 2021/21xxx/CVE-2021-21345.json modified: 2021/21xxx/CVE-2021-21346.json modified: 2021/21xxx/CVE-2021-21347.json modified: 2021/21xxx/CVE-2021-21348.json modified: 2021/21xxx/CVE-2021-21349.json modified: 2021/21xxx/CVE-2021-21350.json modified: 2021/21xxx/CVE-2021-21351.json modified: 2021/21xxx/CVE-2021-21409.json modified: 2021/21xxx/CVE-2021-21703.json modified: 2021/21xxx/CVE-2021-21705.json modified: 2021/21xxx/CVE-2021-21783.json modified: 2021/22xxx/CVE-2021-22118.json modified: 2021/22xxx/CVE-2021-22119.json modified: 2021/22xxx/CVE-2021-22298.json modified: 2021/22xxx/CVE-2021-22897.json modified: 2021/22xxx/CVE-2021-22898.json modified: 2021/22xxx/CVE-2021-22901.json modified: 2021/22xxx/CVE-2021-22924.json modified: 2021/22xxx/CVE-2021-22925.json modified: 2021/22xxx/CVE-2021-22926.json modified: 2021/22xxx/CVE-2021-22931.json modified: 2021/22xxx/CVE-2021-22939.json modified: 2021/22xxx/CVE-2021-22940.json modified: 2021/22xxx/CVE-2021-22946.json modified: 2021/22xxx/CVE-2021-22947.json modified: 2021/22xxx/CVE-2021-22959.json modified: 2021/22xxx/CVE-2021-22960.json modified: 2021/23xxx/CVE-2021-23017.json modified: 2021/23xxx/CVE-2021-23336.json modified: 2021/23xxx/CVE-2021-23337.json modified: 2021/23xxx/CVE-2021-23440.json modified: 2021/23xxx/CVE-2021-23840.json modified: 2021/25xxx/CVE-2021-25122.json modified: 2021/25xxx/CVE-2021-25329.json modified: 2021/26xxx/CVE-2021-26272.json modified: 2021/26xxx/CVE-2021-26691.json modified: 2021/27xxx/CVE-2021-27568.json modified: 2021/28xxx/CVE-2021-28163.json modified: 2021/28xxx/CVE-2021-28164.json modified: 2021/28xxx/CVE-2021-28165.json modified: 2021/28xxx/CVE-2021-28169.json modified: 2021/29xxx/CVE-2021-29425.json modified: 2021/29xxx/CVE-2021-29505.json modified: 2021/29xxx/CVE-2021-29921.json modified: 2021/29xxx/CVE-2021-29923.json modified: 2021/30xxx/CVE-2021-30639.json modified: 2021/30xxx/CVE-2021-30640.json modified: 2021/31xxx/CVE-2021-31684.json modified: 2021/31xxx/CVE-2021-31811.json modified: 2021/31xxx/CVE-2021-31812.json modified: 2021/32xxx/CVE-2021-32012.json modified: 2021/32xxx/CVE-2021-32013.json modified: 2021/32xxx/CVE-2021-32014.json modified: 2021/32xxx/CVE-2021-32723.json modified: 2021/32xxx/CVE-2021-32808.json modified: 2021/32xxx/CVE-2021-32809.json modified: 2021/32xxx/CVE-2021-32827.json modified: 2021/33xxx/CVE-2021-33037.json modified: 2021/33xxx/CVE-2021-33193.json modified: 2021/33xxx/CVE-2021-33560.json modified: 2021/33xxx/CVE-2021-33880.json modified: 2021/33xxx/CVE-2021-33909.json modified: 2021/34xxx/CVE-2021-34428.json modified: 2021/34xxx/CVE-2021-34429.json modified: 2021/34xxx/CVE-2021-34558.json modified: 2021/34xxx/CVE-2021-34798.json modified: 2021/35xxx/CVE-2021-35043.json modified: 2021/35xxx/CVE-2021-35515.json modified: 2021/35xxx/CVE-2021-35516.json modified: 2021/35xxx/CVE-2021-35517.json modified: 2021/36xxx/CVE-2021-36090.json modified: 2021/36xxx/CVE-2021-36160.json modified: 2021/36xxx/CVE-2021-36221.json modified: 2021/36xxx/CVE-2021-36373.json modified: 2021/36xxx/CVE-2021-36374.json modified: 2021/36xxx/CVE-2021-36690.json modified: 2021/37xxx/CVE-2021-37136.json modified: 2021/37xxx/CVE-2021-37137.json modified: 2021/37xxx/CVE-2021-37695.json modified: 2021/37xxx/CVE-2021-37714.json modified: 2021/38xxx/CVE-2021-38153.json modified: 2021/39xxx/CVE-2021-39139.json modified: 2021/39xxx/CVE-2021-39140.json modified: 2021/39xxx/CVE-2021-39141.json modified: 2021/39xxx/CVE-2021-39144.json modified: 2021/39xxx/CVE-2021-39145.json modified: 2021/39xxx/CVE-2021-39146.json modified: 2021/39xxx/CVE-2021-39147.json modified: 2021/39xxx/CVE-2021-39148.json modified: 2021/39xxx/CVE-2021-39149.json modified: 2021/39xxx/CVE-2021-39150.json modified: 2021/39xxx/CVE-2021-39151.json modified: 2021/39xxx/CVE-2021-39152.json modified: 2021/39xxx/CVE-2021-39153.json modified: 2021/39xxx/CVE-2021-39154.json modified: 2021/39xxx/CVE-2021-39275.json modified: 2021/3xxx/CVE-2021-3177.json modified: 2021/3xxx/CVE-2021-3326.json modified: 2021/3xxx/CVE-2021-3426.json modified: 2021/3xxx/CVE-2021-3448.json modified: 2021/3xxx/CVE-2021-3516.json modified: 2021/3xxx/CVE-2021-3517.json modified: 2021/3xxx/CVE-2021-3541.json modified: 2021/3xxx/CVE-2021-3634.json modified: 2021/3xxx/CVE-2021-3711.json modified: 2021/3xxx/CVE-2021-3712.json modified: 2021/40xxx/CVE-2021-40438.json modified: 2021/41xxx/CVE-2021-41164.json modified: 2021/41xxx/CVE-2021-41165.json modified: 2021/41xxx/CVE-2021-41355.json modified: 2021/41xxx/CVE-2021-41524.json modified: 2021/41xxx/CVE-2021-41773.json modified: 2021/42xxx/CVE-2021-42013.json modified: 2021/42xxx/CVE-2021-42340.json modified: 2021/42xxx/CVE-2021-42575.json modified: 2021/44xxx/CVE-2021-44224.json modified: 2021/44xxx/CVE-2021-44228.json modified: 2021/44xxx/CVE-2021-44790.json modified: 2021/44xxx/CVE-2021-44832.json modified: 2021/45xxx/CVE-2021-45046.json modified: 2021/45xxx/CVE-2021-45105.json modified: 2021/4xxx/CVE-2021-4104.json
153 lines
7.3 KiB
JSON
153 lines
7.3 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "security@apache.org",
|
|
"ID": "CVE-2020-11979",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Apache Ant",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "Apache Ant 1.10.8"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "n/a"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "insecure temporary file vulnerability"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-379 Creation of Temporary File in Directory with Incorrect Permissions"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"name": "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E",
|
|
"refsource": "MISC",
|
|
"url": "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E"
|
|
},
|
|
{
|
|
"name": "[creadur-dev] 20201006 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979",
|
|
"refsource": "MLIST",
|
|
"url": "https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e@%3Cdev.creadur.apache.org%3E"
|
|
},
|
|
{
|
|
"name": "[creadur-dev] 20201006 [jira] [Assigned] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979",
|
|
"refsource": "MLIST",
|
|
"url": "https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490@%3Cdev.creadur.apache.org%3E"
|
|
},
|
|
{
|
|
"name": "[creadur-dev] 20201006 [jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979",
|
|
"refsource": "MLIST",
|
|
"url": "https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc@%3Cdev.creadur.apache.org%3E"
|
|
},
|
|
{
|
|
"name": "[creadur-dev] 20201006 [jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8",
|
|
"refsource": "MLIST",
|
|
"url": "https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0@%3Cdev.creadur.apache.org%3E"
|
|
},
|
|
{
|
|
"name": "[creadur-dev] 20201006 [jira] [Resolved] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8",
|
|
"refsource": "MLIST",
|
|
"url": "https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305@%3Cdev.creadur.apache.org%3E"
|
|
},
|
|
{
|
|
"name": "FEDORA-2020-2640aa4e19",
|
|
"refsource": "FEDORA",
|
|
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3NRQQ7ECII4ZNGW7GBC225LVYMPQEKB/"
|
|
},
|
|
{
|
|
"name": "FEDORA-2020-92b1d001b3",
|
|
"refsource": "FEDORA",
|
|
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AALW42FWNQ35F7KB3JVRC6NBVV7AAYYI/"
|
|
},
|
|
{
|
|
"name": "FEDORA-2020-3ce0f55bc5",
|
|
"refsource": "FEDORA",
|
|
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DYBRN5C2RW7JRY75IB7Q7ZVKZCHWAQWS/"
|
|
},
|
|
{
|
|
"name": "GLSA-202011-18",
|
|
"refsource": "GENTOO",
|
|
"url": "https://security.gentoo.org/glsa/202011-18"
|
|
},
|
|
{
|
|
"name": "https://www.oracle.com/security-alerts/cpujan2021.html",
|
|
"refsource": "MISC",
|
|
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
|
|
},
|
|
{
|
|
"name": "https://github.com/gradle/gradle/security/advisories/GHSA-j45w-qrgf-25vm",
|
|
"refsource": "MISC",
|
|
"url": "https://github.com/gradle/gradle/security/advisories/GHSA-j45w-qrgf-25vm"
|
|
},
|
|
{
|
|
"refsource": "MLIST",
|
|
"name": "[creadur-dev] 20210419 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8",
|
|
"url": "https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c@%3Cdev.creadur.apache.org%3E"
|
|
},
|
|
{
|
|
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html",
|
|
"refsource": "MISC",
|
|
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html"
|
|
},
|
|
{
|
|
"refsource": "MLIST",
|
|
"name": "[creadur-dev] 20210621 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8",
|
|
"url": "https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a@%3Cdev.creadur.apache.org%3E"
|
|
},
|
|
{
|
|
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
|
|
"refsource": "MISC",
|
|
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
|
|
},
|
|
{
|
|
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
|
|
"refsource": "MISC",
|
|
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
|
|
},
|
|
{
|
|
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
|
|
}
|
|
]
|
|
}
|
|
} |