As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an malicious user to inject modified source files into the build process.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache ant 1.10.8 |
||
gradle gradle |
||
fedoraproject fedora 31 |
||
fedoraproject fedora 32 |
||
fedoraproject fedora 33 |
||
oracle agile engineering data management 6.2.1.0 |
||
oracle api gateway 11.1.2.4.0 |
||
oracle banking platform 2.4.0 |
||
oracle banking platform 2.4.1 |
||
oracle banking platform 2.6.2 |
||
oracle banking platform 2.7.0 |
||
oracle banking platform 2.7.1 |
||
oracle banking platform 2.8.0 |
||
oracle banking treasury management 14.4 |
||
oracle communications unified inventory management 7.4.0 |
||
oracle communications unified inventory management 7.4.1 |
||
oracle data integrator 12.2.1.3.0 |
||
oracle data integrator 12.2.1.4.0 |
||
oracle endeca information discovery studio 3.2.0.0 |
||
oracle enterprise repository 11.1.1.7.0 |
||
oracle financial services analytical applications infrastructure |
||
oracle financial services analytical applications infrastructure 8.1.0 |
||
oracle financial services analytical applications infrastructure 8.1.1 |
||
oracle flexcube private banking 12.0.0 |
||
oracle flexcube private banking 12.1.0 |
||
oracle primavera gateway |
||
oracle primavera unifier |
||
oracle primavera unifier 16.1 |
||
oracle primavera unifier 16.2 |
||
oracle primavera unifier 18.8 |
||
oracle primavera unifier 19.12 |
||
oracle primavera unifier 20.12 |
||
oracle real-time decision server 3.2.0.0 |
||
oracle real-time decision server 11.1.1.9.0 |
||
oracle retail advanced inventory planning 14.1 |
||
oracle retail assortment planning 16.0.3 |
||
oracle retail category management planning & optimization 16.0.3 |
||
oracle retail eftlink 19.0.1 |
||
oracle retail eftlink 20.0.0 |
||
oracle retail financial integration 14.1.3 |
||
oracle retail financial integration 15.0.3 |
||
oracle retail financial integration 16.0.3 |
||
oracle retail integration bus 15.0.3 |
||
oracle retail item planning 16.0.3 |
||
oracle retail macro space optimization 16.0.3 |
||
oracle retail merchandise financial planning 16.0.3 |
||
oracle retail merchandising system 14.1.3.2 |
||
oracle retail merchandising system 16.0.3 |
||
oracle retail predictive application server 14.1 |
||
oracle retail regular price optimization 16.0.3 |
||
oracle retail replenishment optimization 16.0.3 |
||
oracle retail service backbone 14.1.3 |
||
oracle retail service backbone 15.0.3 |
||
oracle retail service backbone 16.0.3 |
||
oracle retail size profile optimization 16.0.3 |
||
oracle retail store inventory management 14.1.3.9 |
||
oracle retail store inventory management 15.0.3.0 |
||
oracle retail store inventory management 16.0.3.0 |
||
oracle retail xstore point of service 15.0.4 |
||
oracle retail xstore point of service 16.0.6 |
||
oracle retail xstore point of service 17.0.4 |
||
oracle retail xstore point of service 18.0.3 |
||
oracle retail xstore point of service 19.0.2 |
||
oracle storagetek acsls 8.5.1 |
||
oracle storagetek tape analytics 2.4 |
||
oracle timesten in-memory database |
||
oracle utilities framework 4.3.0.5.0 |
||
oracle utilities framework 4.3.0.6.0 |
||
oracle utilities framework 4.4.0.0.0 |
||
oracle utilities framework 4.4.0.2.0 |