{"id":"CVE-2020-1945","details":"Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.","aliases":["GHSA-4p6w-m9wc-c9c9"],"modified":"2026-04-16T04:35:20.944057885Z","published":"2020-05-14T16:15:12.767Z","related":["SUSE-SU-2020:1944-1","SUSE-SU-2022:4022-1","openSUSE-SU-2020:1022-1","openSUSE-SU-2024:10616-1","openSUSE-SU-2024:11676-1"],"references":[{"type":"WEB","url":"https://lists.apache.org/thread.html/r6edd3e2cb79ee635630d891b54a4f1a9cd8c7f639d6ee34e75fbe830%40%3Cissues.hive.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465%40%3Cnotifications.groovy.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rc89e491b5b270fb40f1210b70554527b737c217ad2e831b643ead6bc%40%3Cuser.ant.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rdaa9c51d5dc6560c9d2b3f3d742c768ad0705e154041e574a0fae45c%40%3Cnotifications.groovy.apache.org%3E"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EQBR65TINSJRN7PTPIVNYS33P535WM74/"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490%40%3Cdev.creadur.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r6030d34ceacd0098538425c5dac8251ffc7fd90b886942bc7ef87858%40%3Cnotifications.groovy.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cannounce.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c%40%3Cdev.creadur.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rda80ac59119558eaec452e58ddfac2ccc9211da1c65f7927682c78b1%40%3Cdev.creadur.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cusers.groovy.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r2704fb14ce068c64759a986f81d5b5e42ab434fa13d0f444ad52816b%40%3Cdev.creadur.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r6970d196cd73863dafdbc3a7052562deedd338e3bd7d73d8171d92d6%40%3Ccommits.groovy.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cdev.groovy.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rce099751721c26a8166d8b6578293820832831a0b2cb8d93b8efa081%40%3Cnotifications.groovy.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/re1ce84518d773a94a613d988771daf9252c9cf7375a9a477009f9735%40%3Ccommits.creadur.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r1863b9ce4c3e4b1e5b0c671ad05545ba3eb8399616aa746af5dfe1b1%40%3Cdev.creadur.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rd7dda48ff835f4d0293949837d55541bfde3683bd35bd8431e324538%40%3Cdev.creadur.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rf07feaf78afc8f701e21948a06ef92565d3dff1242d710f4fbf900b2%40%3Cdev.creadur.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rfd346609527a79662c48b1da3ac500ec30f29f7ddaa3575051e81890%40%3Ccommits.creadur.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r1a9c992d7c8219dc15b4ad448649f0ffdaa88d76ef6a0035c49455f5%40%3Cdev.creadur.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e%40%3Cdev.creadur.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r4b2904d64affd4266cd72ccb2fc3927c1c2f22009f183095aa46bf90%40%3Cissues.hive.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rb860063819b9c0990e1fbce29d83f4554766fe5a05e3b3939736bf2b%40%3Ccommits.myfaces.apache.org%3E"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRVAWTCVXJMRYKQKEXYSNBF7NLSR6OEI/"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r1b32c76afffcf676e13ed635a3332f3e46e6aaa7722eb3fc7a28f58e%40%3Cdev.hive.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r95dc943e47a211d29df605e14f86c280fc9fa8d828b2b53bd07673c9%40%3Cdev.creadur.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a%40%3Cdev.creadur.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r0d08a96ba9de8aa435f32944e8b2867c368a518d4ff57782e3637335%40%3Cissues.hive.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r3cea0f3da4f6d06d7afb6c0804da8e01773a0f50a09b8d9beb2cda65%40%3Cissues.hive.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305%40%3Cdev.creadur.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r815f88d1044760176f30a4913b4baacd06f3eae4eb662de7388e46d8%40%3Cissues.hive.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rb8ec556f176c83547b959150e2108e2ddf1d61224295941908b0a81f%40%3Cannounce.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc%40%3Cdev.creadur.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0%40%3Cdev.creadur.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r5dfc77048b1f9db26622dce91a6edf083d499397256594952fad5f35%40%3Ccommits.myfaces.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r6e295d792032ec02b32be3846c21a58857fba4a077d22c5842d69ba2%40%3Ctorque-dev.db.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r8e24abb7dd77cda14c6df90a377c94f0a413bbfcec90a29540ff8adf%40%3Cissues.hive.apache.org%3E"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/r8e592bbfc016a5dbe2a8c0e81ff99682b9c78c453621b82c14e7b75e%40%3Cdev.ant.apache.org%3E"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4380-1/"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2020/09/30/6"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202007-34"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2020/12/06/1"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00053.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"type":"FIX","url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuoct2021.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/ant","events":[{"introduced":"5b11971b96a39668b89d0210ac6e8c00032995a1"},{"last_affected":"8ec8ecf4eb94b238b09161055e75508155040180"},{"introduced":"451364131fb89af099496ee27703c1a5c408d1f2"},{"last_affected":"80768efaab4003d90252095d160facfc35adc35e"},{"introduced":"0"},{"last_affected":"0e3903c23e894da440c1b21b517989a5e7719d57"},{"introduced":"0"},{"last_affected":"d8381fe36be34fd2b00c1e029792476686726691"},{"introduced":"0"},{"last_affected":"f64b6066d4d43a8fba222d8b2fd93cec2542a748"},{"introduced":"0"},{"last_affected":"ab8035ab67e0187e151cf52714740d91c3c31dc9"},{"introduced":"0"},{"last_affected":"ba9786dbe557e4a12f91a597cc26638b29c93b9f"},{"introduced":"0"},{"last_affected":"ba9786dbe557e4a12f91a597cc26638b29c93b9f"},{"introduced":"0"},{"last_affected":"ba9786dbe557e4a12f91a597cc26638b29c93b9f"},{"introduced":"0"},{"last_affected":"b47c505fa7563e9b0ea1e4667ae8f2f7aed3b007"},{"introduced":"0"},{"last_affected":"451364131fb89af099496ee27703c1a5c408d1f2"},{"introduced":"0"},{"last_affected":"ba9786dbe557e4a12f91a597cc26638b29c93b9f"},{"introduced":"0"},{"last_affected":"ba9786dbe557e4a12f91a597cc26638b29c93b9f"},{"introduced":"0"},{"last_affected":"ba9786dbe557e4a12f91a597cc26638b29c93b9f"},{"introduced":"0"},{"last_affected":"ba9786dbe557e4a12f91a597cc26638b29c93b9f"}],"database_specific":{"versions":[{"introduced":"1.1"},{"last_affected":"1.9.14"},{"introduced":"1.10.0"},{"last_affected":"1.10.7"},{"introduced":"0"},{"last_affected":"31"},{"introduced":"0"},{"last_affected":"15.2"},{"introduced":"0"},{"last_affected":"16.1"},{"introduced":"0"},{"last_affected":"16.2"},{"introduced":"0"},{"last_affected":"14.1"},{"introduced":"0"},{"last_affected":"14.1"},{"introduced":"0"},{"last_affected":"14.1"},{"introduced":"0"},{"last_affected":"1.9"},{"introduced":"0"},{"last_affected":"1.10"},{"introduced":"0"},{"last_affected":"14.1"},{"introduced":"0"},{"last_affected":"14.1"},{"introduced":"0"},{"last_affected":"14.1"},{"introduced":"0"},{"last_affected":"14.1"}]}}],"versions":["ANT_1.10.0_RC1","ANT_1.10.6_RC1","ANT_1.10.7_RC1","ANT_14_B1","ANT_16_B1","ANT_16_B2","ANT_190","ANT_1914_RC1","ANT_MAIN_15B2","TOMCAT_31_FINAL","rel/1.10.0","rel/1.10.7","rel/1.9.0","rel/1.9.14"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"19.10"}]},{"events":[{"introduced":"0"},{"last_affected":"32"}]},{"events":[{"introduced":"0"},{"last_affected":"6.2.1.0"}]},{"events":[{"introduced":"2.7.0"},{"last_affected":"2.9.0"}]},{"events":[{"introduced":"14.0.0"},{"last_affected":"14.4.0"}]},{"events":[{"introduced":"2.4.0"},{"last_affected":"2.9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"12.2.1.3.0"}]},{"events":[{"introduced":"0"},{"last_affected":"12.2.1.4.0"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0.3"}]},{"events":[{"introduced":"0"},{"last_affected":"7.3"}]},{"events":[{"introduced":"8.0.0"},{"last_affected":"8.2.2"}]},{"events":[{"introduced":"0"},{"last_affected":"6.3.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.3"}]},{"events":[{"introduced":"0"},{"last_affected":"7.4"}]},{"events":[{"introduced":"0"},{"last_affected":"12.2.1.3.0"}]},{"events":[{"introduced":"0"},{"last_affected":"12.2.1.4.0"}]},{"events":[{"introduced":"0"},{"last_affected":"3.2.0"}]},{"events":[{"introduced":"0"},{"last_affected":"12.4.0.0"}]},{"events":[{"introduced":"0"},{"last_affected":"11.1.1.7.0"}]},{"events":[{"introduced":"8.0.6"},{"last_affected":"8.1.0"}]},{"events":[{"introduced":"0"},{"last_affected":"12.1.0"}]},{"events":[{"introduced":"0"},{"last_affected":"12.3.0"}]},{"events":[{"introduced":"0"},{"last_affected":"12.4.0"}]},{"events":[{"introduced":"0"},{"last_affected":"14.0.0"}]},{"events":[{"introduced":"0"},{"last_affected":"14.1.0"}]},{"events":[{"introduced":"0"},{"last_affected":"12.0.0"}]},{"events":[{"introduced":"0"},{"last_affected":"12.1.0"}]},{"events":[{"introduced":"3.0"},{"last_affected":"3.0.2"}]},{"events":[{"introduced":"16.2.0"},{"last_affected":"16.2.11"}]},{"events":[{"introduced":"17.12.0"},{"last_affected":"17.12.7"}]},{"events":[{"introduced":"17.7"},{"last_affected":"17.12"}]},{"events":[{"introduced":"0"},{"last_affected":"18.8"}]},{"events":[{"introduced":"0"},{"last_affected":"19.12"}]},{"events":[{"introduced":"0"},{"last_affected":"12.1"}]},{"events":[{"introduced":"0"},{"last_affected":"12.2"}]},{"events":[{"introduced":"0"},{"last_affected":"3.2.1.0"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0"}]},{"events":[{"introduced":"0"},{"last_affected":"16.0"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0.3"}]},{"events":[{"introduced":"0"},{"last_affected":"16.0.3"}]},{"events":[{"introduced":"0"},{"last_affected":"14.0"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0"}]},{"events":[{"introduced":"0"},{"last_affected":"16.0"}]},{"events":[{"introduced":"0"},{"last_affected":"16.0.3.0"}]},{"events":[{"introduced":"0"},{"last_affected":"19.0.1"}]},{"events":[{"introduced":"0"},{"last_affected":"14.0"}]},{"events":[{"introduced":"0"},{"last_affected":"13.2.5"}]},{"events":[{"introduced":"0"},{"last_affected":"13.2.8"}]},{"events":[{"introduced":"0"},{"last_affected":"14.1.3.2"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0.4.0"}]},{"events":[{"introduced":"0"},{"last_affected":"16.0"}]},{"events":[{"introduced":"0"},{"last_affected":"16.0.3.0"}]},{"events":[{"introduced":"0"},{"last_affected":"14.1.3.2"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0.4.0"}]},{"events":[{"introduced":"0"},{"last_affected":"16.0"}]},{"events":[{"introduced":"0"},{"last_affected":"16.0.3.0"}]},{"events":[{"introduced":"0"},{"last_affected":"19.0.1.0"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0.3"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0.3"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0.3"}]},{"events":[{"introduced":"0"},{"last_affected":"19.0.1"}]},{"events":[{"introduced":"0"},{"last_affected":"14.0"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0"}]},{"events":[{"introduced":"0"},{"last_affected":"16.0"}]},{"events":[{"introduced":"0"},{"last_affected":"14.0.3"}]},{"events":[{"introduced":"0"},{"last_affected":"14.1.3"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0.3"}]},{"events":[{"introduced":"0"},{"last_affected":"16.0.3"}]},{"events":[{"introduced":"0"},{"last_affected":"16.0.3.0"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0.3"}]},{"events":[{"introduced":"0"},{"last_affected":"16.0.3"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0.3"}]},{"events":[{"introduced":"0"},{"last_affected":"14.0"}]},{"events":[{"introduced":"0"},{"last_affected":"14.1.3.2"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0.4.0"}]},{"events":[{"introduced":"0"},{"last_affected":"16.0"}]},{"events":[{"introduced":"0"},{"last_affected":"16.0.3.0"}]},{"events":[{"introduced":"0"},{"last_affected":"19.0.1.0"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0.3"}]},{"events":[{"introduced":"0"},{"last_affected":"16.0.3"}]},{"events":[{"introduced":"0"},{"last_affected":"14.0.4"}]},{"events":[{"introduced":"0"},{"last_affected":"14.1.3"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0.3"}]},{"events":[{"introduced":"0"},{"last_affected":"16.0"}]},{"events":[{"introduced":"0"},{"last_affected":"16.0.3"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0.4"}]},{"events":[{"introduced":"0"},{"last_affected":"16.0.6"}]},{"events":[{"introduced":"0"},{"last_affected":"17.0.4"}]},{"events":[{"introduced":"0"},{"last_affected":"18.0.3"}]},{"events":[{"introduced":"0"},{"last_affected":"19.0.2"}]},{"events":[{"introduced":"0"},{"fixed":"11.2.2.8.27"}]},{"events":[{"introduced":"0"},{"last_affected":"11.2.2.8.49"}]},{"events":[{"introduced":"4.3.0.1.0"},{"last_affected":"4.3.0.6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"2.2.0.0.0"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.0.2.0"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.0.3.0"}]},{"events":[{"introduced":"0"},{"last_affected":"4.4.0.0.0"}]},{"events":[{"introduced":"0"},{"last_affected":"4.4.0.2.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-1945.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}]}