CVEFinder.io

CVE-2020-1945

🔶 medium
Summary

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.

CVSS Score
6.3
Medium
EPSS Score
0.0
Exploit Probability
Published Date
2020-05-14
First Seen: 2026-01-05
Last Modified 2024-11-21
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
CWE IDs (Weakness Types)
CWE-668

🔗 References 104

http://lists.opensuse.org/opensuse-security-announce...
Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2020/09/30/6
Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2020/12/06/1
Mailing List Third Party Advisory
https://lists.apache.org/thread.html/r0d08a96ba9de8a...
https://lists.apache.org/thread.html/r107ea1b1a7a214...
https://lists.apache.org/thread.html/r1863b9ce4c3e4b...
https://lists.apache.org/thread.html/r1a9c992d7c8219...
https://lists.apache.org/thread.html/r1b32c76afffcf6...
https://lists.apache.org/thread.html/r1dc8518dc99c42...
https://lists.apache.org/thread.html/r2306b67f20c249...
https://lists.apache.org/thread.html/r2704fb14ce068c...
https://lists.apache.org/thread.html/r3cea0f3da4f6d0...
https://lists.apache.org/thread.html/r4b2904d64affd4...
https://lists.apache.org/thread.html/r4ca33fad3fb39d...
https://lists.apache.org/thread.html/r5dfc77048b1f9d...
https://lists.apache.org/thread.html/r5e1cdd79f01916...
https://lists.apache.org/thread.html/r6030d34ceacd00...
https://lists.apache.org/thread.html/r6970d196cd7386...
https://lists.apache.org/thread.html/r6e295d792032ec...
https://lists.apache.org/thread.html/r6edd3e2cb79ee6...
https://lists.apache.org/thread.html/r815f88d1044760...
https://lists.apache.org/thread.html/r8e24abb7dd77cd...
https://lists.apache.org/thread.html/r8e592bbfc016a5...
Mailing List Vendor Advisory
https://lists.apache.org/thread.html/r95dc943e47a211...
https://lists.apache.org/thread.html/ra12c3e23b021f2...
https://lists.apache.org/thread.html/ra12c3e23b021f2...
https://lists.apache.org/thread.html/ra12c3e23b021f2...
https://lists.apache.org/thread.html/ra9dab34bf86255...
https://lists.apache.org/thread.html/raaeddc41da8f3a...
https://lists.apache.org/thread.html/rb860063819b9c0...
https://lists.apache.org/thread.html/rb8ec556f176c83...
https://lists.apache.org/thread.html/rbfe9ba28b74f39...
https://lists.apache.org/thread.html/rc3c8ef9724b5b1...
https://lists.apache.org/thread.html/rc89e491b5b270f...
https://lists.apache.org/thread.html/rce099751721c26...
https://lists.apache.org/thread.html/rd7dda48ff835f4...
https://lists.apache.org/thread.html/rda80ac59119558...
https://lists.apache.org/thread.html/rdaa9c51d5dc656...
https://lists.apache.org/thread.html/re1ce84518d773a...
https://lists.apache.org/thread.html/rf07feaf78afc8f...
https://lists.apache.org/thread.html/rfd346609527a79...
https://lists.fedoraproject.org/archives/list/packag...
https://lists.fedoraproject.org/archives/list/packag...
https://security.gentoo.org/glsa/202007-34
Third Party Advisory
https://usn.ubuntu.com/4380-1/
Mailing List Vendor Advisory
https://www.oracle.com//security-alerts/cpujul2021.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html
Patch Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce...
Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2020/09/30/6
Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2020/12/06/1
Mailing List Third Party Advisory
https://lists.apache.org/thread.html/r0d08a96ba9de8a...
https://lists.apache.org/thread.html/r107ea1b1a7a214...
https://lists.apache.org/thread.html/r1863b9ce4c3e4b...
https://lists.apache.org/thread.html/r1a9c992d7c8219...
https://lists.apache.org/thread.html/r1b32c76afffcf6...
https://lists.apache.org/thread.html/r1dc8518dc99c42...
https://lists.apache.org/thread.html/r2306b67f20c249...
https://lists.apache.org/thread.html/r2704fb14ce068c...
https://lists.apache.org/thread.html/r3cea0f3da4f6d0...
https://lists.apache.org/thread.html/r4b2904d64affd4...
https://lists.apache.org/thread.html/r4ca33fad3fb39d...
https://lists.apache.org/thread.html/r5dfc77048b1f9d...
https://lists.apache.org/thread.html/r5e1cdd79f01916...
https://lists.apache.org/thread.html/r6030d34ceacd00...
https://lists.apache.org/thread.html/r6970d196cd7386...
https://lists.apache.org/thread.html/r6e295d792032ec...
https://lists.apache.org/thread.html/r6edd3e2cb79ee6...
https://lists.apache.org/thread.html/r815f88d1044760...
https://lists.apache.org/thread.html/r8e24abb7dd77cd...
https://lists.apache.org/thread.html/r8e592bbfc016a5...
Mailing List Vendor Advisory
https://lists.apache.org/thread.html/r95dc943e47a211...
https://lists.apache.org/thread.html/ra12c3e23b021f2...
https://lists.apache.org/thread.html/ra12c3e23b021f2...
https://lists.apache.org/thread.html/ra12c3e23b021f2...
https://lists.apache.org/thread.html/ra9dab34bf86255...
https://lists.apache.org/thread.html/raaeddc41da8f3a...
https://lists.apache.org/thread.html/rb860063819b9c0...
https://lists.apache.org/thread.html/rb8ec556f176c83...
https://lists.apache.org/thread.html/rbfe9ba28b74f39...
https://lists.apache.org/thread.html/rc3c8ef9724b5b1...
https://lists.apache.org/thread.html/rc89e491b5b270f...
https://lists.apache.org/thread.html/rce099751721c26...
https://lists.apache.org/thread.html/rd7dda48ff835f4...
https://lists.apache.org/thread.html/rda80ac59119558...
https://lists.apache.org/thread.html/rdaa9c51d5dc656...
https://lists.apache.org/thread.html/re1ce84518d773a...
https://lists.apache.org/thread.html/rf07feaf78afc8f...
https://lists.apache.org/thread.html/rfd346609527a79...
https://lists.fedoraproject.org/archives/list/packag...
https://lists.fedoraproject.org/archives/list/packag...
https://security.gentoo.org/glsa/202007-34
Third Party Advisory
https://usn.ubuntu.com/4380-1/
Mailing List Vendor Advisory
https://www.oracle.com//security-alerts/cpujul2021.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html
Patch Third Party Advisory

📦 Affected Products 117

Vendor Product Status Affected Versions
fedoraproject fedora Affected
v31
fedoraproject fedora Affected
v32
canonical ubuntu_linux Affected
v19.10
oracle agile_engineering_data_management Affected
v6.2.1.0
oracle enterprise_manager_ops_center Affected
v12.4.0.0
oracle retail_point-of-service Affected
v14.0
oracle retail_point-of-service Affected
v14.1
oracle retail_point-of-service Affected
v15.0
oracle retail_point-of-service Affected
v16.0
oracle retail_xstore_point_of_service Affected
v15.0.4
oracle retail_xstore_point_of_service Affected
v16.0.6
oracle retail_xstore_point_of_service Affected
v17.0.4
oracle retail_xstore_point_of_service Affected
v18.0.3
oracle retail_xstore_point_of_service Affected
v19.0.2
oracle health_sciences_information_manager Affected
≥ 3.0 ≤ 3.0.2
oracle retail_service_backbone Affected
v14.1.3.2
oracle retail_service_backbone Affected
v15.0
oracle retail_service_backbone Affected
v15.0.4.0
oracle retail_service_backbone Affected
v16.0
oracle retail_service_backbone Affected
v16.0.3.0
oracle retail_service_backbone Affected
v19.0.1.0
oracle banking_platform Affected
≥ 2.4.0 ≤ 2.9.0
oracle flexcube_private_banking Affected
v12.0.0
oracle flexcube_private_banking Affected
v12.1.0
opensuse leap Affected
v15.2
oracle financial_services_analytical_applications_infrastructure Affected
≥ 8.0.6 ≤ 8.1.0
oracle communications_order_and_service_management Affected
v7.3
oracle communications_order_and_service_management Affected
v7.4
oracle retail_merchandising_system Affected
v19.0.1
oracle communications_diameter_signaling_router Affected
≥ 8.0.0 ≤ 8.2.2
oracle flexcube_investor_servicing Affected
v12.1.0
oracle flexcube_investor_servicing Affected
v12.3.0
oracle flexcube_investor_servicing Affected
v12.4.0
oracle flexcube_investor_servicing Affected
v14.0.0
oracle flexcube_investor_servicing Affected
v14.1.0
oracle retail_predictive_application_server Affected
v14.0.3
oracle retail_predictive_application_server Affected
v14.1.3
oracle retail_predictive_application_server Affected
v15.0.3
oracle retail_predictive_application_server Affected
v16.0.3
oracle retail_predictive_application_server Affected
v16.0.3.0
oracle utilities_framework Affected
≥ 4.3.0.1.0 ≤ 4.3.0.6.0
oracle utilities_framework Affected
v2.2.0.0.0
oracle utilities_framework Affected
v4.2.0.2.0
oracle utilities_framework Affected
v4.2.0.3.0
oracle utilities_framework Affected
v4.4.0.0.0
oracle utilities_framework Affected
v4.4.0.2.0
oracle data_integrator Affected
v12.2.1.3.0
oracle data_integrator Affected
v12.2.1.4.0
oracle enterprise_repository Affected
v11.1.1.7.0
oracle primavera_gateway Affected
≥ 16.2.0 ≤ 16.2.11
oracle primavera_gateway Affected
≥ 17.12.0 ≤ 17.12.7
oracle primavera_unifier Affected
≥ 17.7 ≤ 17.12
oracle primavera_unifier Affected
v16.1
oracle primavera_unifier Affected
v16.2
oracle primavera_unifier Affected
v18.8
oracle primavera_unifier Affected
v19.12
oracle retail_returns_management Affected
v14.0
oracle retail_returns_management Affected
v14.1
oracle retail_central_office Affected
v14.0
oracle retail_central_office Affected
v14.1
oracle business_process_management_suite Affected
v12.2.1.3.0
oracle business_process_management_suite Affected
v12.2.1.4.0
oracle retail_bulk_data_integration Affected
v15.0
oracle retail_bulk_data_integration Affected
v16.0
oracle retail_bulk_data_integration Affected
v16.0.3.0
oracle retail_bulk_data_integration Affected
v19.0.1
oracle retail_integration_bus Affected
v14.1
oracle retail_integration_bus Affected
v14.1.3.2
oracle retail_integration_bus Affected
v15.0
oracle retail_integration_bus Affected
v15.0.4.0
oracle retail_integration_bus Affected
v16.0
oracle retail_integration_bus Affected
v16.0.3.0
oracle retail_integration_bus Affected
v19.0.1.0
oracle retail_back_office Affected
v14.0
oracle retail_back_office Affected
v14.1
oracle retail_store_inventory_management Affected
v14.0.4
oracle retail_store_inventory_management Affected
v14.1
oracle retail_store_inventory_management Affected
v14.1.3
oracle retail_store_inventory_management Affected
v15.0
oracle retail_store_inventory_management Affected
v15.0.3
oracle retail_store_inventory_management Affected
v16.0
oracle retail_store_inventory_management Affected
v16.0.3
apache ant Affected
≥ 1.10.0 ≤ 1.10.7
apache ant Affected
≥ 1.1 ≤ 1.9.14
oracle timesten_in-memory_database Affected
< 11.2.2.8.27
oracle timesten_in-memory_database Affected
v11.2.2.8.49
oracle rapid_planning Affected
v12.1
oracle rapid_planning Affected
v12.2
oracle retail_advanced_inventory_planning Affected
v14.1
oracle retail_advanced_inventory_planning Affected
v15.0
oracle retail_advanced_inventory_planning Affected
v16.0
oracle retail_assortment_planning Affected
v15.0.3
oracle retail_assortment_planning Affected
v16.0.3
oracle endeca_information_discovery_studio Affected
v3.2.0
oracle retail_financial_integration Affected
v14.1.3.2
oracle retail_financial_integration Affected
v15.0
oracle retail_financial_integration Affected
v15.0.4.0
oracle retail_financial_integration Affected
v16.0
oracle retail_financial_integration Affected
v16.0.3.0
oracle retail_extract_transform_and_load Affected
v13.2.5
oracle retail_extract_transform_and_load Affected
v13.2.8
oracle communications_metasolv_solution Affected
v6.3.0
oracle banking_enterprise_collections Affected
≥ 2.7.0 ≤ 2.9.0
oracle real-time_decision_server Affected
v3.2.1.0
oracle banking_liquidity_management Affected
≥ 14.0.0 ≤ 14.4.0
oracle category_management_planning_\&_optimization Affected
v15.0.3
oracle communications_asap Affected
v7.3
oracle retail_data_extractor_for_merchandising Affected
v1.10
oracle retail_data_extractor_for_merchandising Affected
v1.9
oracle retail_item_planning Affected
v15.0.3
oracle retail_macro_space_optimization Affected
v15.0.3
oracle retail_merchandise_financial_planning Affected
v15.0.3
oracle retail_regular_price_optimization Affected
v15.0.3
oracle retail_regular_price_optimization Affected
v16.0.3
oracle retail_replenishment_optimization Affected
v15.0.3
oracle retail_size_profile_optimization Affected
v15.0.3
oracle retail_size_profile_optimization Affected
v16.0.3

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-21973 ⚠️ high 8.1 0.1 Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Se... 2026-01-20
CVE-2026-21924 🔶 medium 5.4 0.0 Vulnerability in the Oracle Utilities Application Framework product of Oracle Utilities Applications (component: General... 2026-01-20
CVE-2025-53034 🔶 medium 5.4 0.0 Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Servic... 2025-10-21
CVE-2025-53035 🔶 medium 6.5 0.1 Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Servic... 2025-10-21
CVE-2025-53036 ⚠️ high 8.6 0.1 Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Servic... 2025-10-21
CVE-2025-53037 ⛔ critical 9.8 0.1 Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Servic... 2025-10-21
These CVEs affect the same products