VulnerableCode Package Details - pkg:maven/org.apache.ant/ant@1.9.16

Search for packages

Vulnerability	Summary	Fixed by
VCID-unby-h128-v3bk Aliases: CVE-2020-11979 GHSA-f62v-xpxf-3v68 GHSA-j45w-qrgf-25vm	Code injection in Apache Ant As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.	1.10.9 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-unby-h128-v3bk
Aliases:
CVE-2020-11979
GHSA-f62v-xpxf-3v68
GHSA-j45w-qrgf-25vm

Code injection in Apache Ant As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.

1.10.9
Affected by 2 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-2a6z-dfqf-5ycb	Uncontrolled Resource Consumption When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant.	CVE-2021-36373 GHSA-q5r4-cfpx-h6fh
VCID-6uzy-57uy-zkfw	Uncontrolled Resource Consumption When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files.	CVE-2021-36374 GHSA-5v34-g2px-j4fw

Vulnerability

Summary

Aliases

VCID-2a6z-dfqf-5ycb

Uncontrolled Resource Consumption When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant.

CVE-2021-36373
GHSA-q5r4-cfpx-h6fh

VCID-6uzy-57uy-zkfw

Uncontrolled Resource Consumption When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files.

CVE-2021-36374
GHSA-5v34-g2px-j4fw

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T21:27:29.349976+00:00	GitLab Importer	Fixing	VCID-2a6z-dfqf-5ycb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.ant/ant/CVE-2021-36373.yml	38.4.0
2026-04-16T21:27:29.151404+00:00	GitLab Importer	Fixing	VCID-6uzy-57uy-zkfw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.ant/ant/CVE-2021-36374.yml	38.4.0
2026-04-16T21:16:57.844305+00:00	GitLab Importer	Affected by	VCID-unby-h128-v3bk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.ant/ant/CVE-2020-11979.yml	38.4.0
2026-04-11T22:40:25.962158+00:00	GitLab Importer	Fixing	VCID-2a6z-dfqf-5ycb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.ant/ant/CVE-2021-36373.yml	38.3.0
2026-04-11T22:40:25.748337+00:00	GitLab Importer	Fixing	VCID-6uzy-57uy-zkfw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.ant/ant/CVE-2021-36374.yml	38.3.0
2026-04-11T22:29:07.797429+00:00	GitLab Importer	Affected by	VCID-unby-h128-v3bk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.ant/ant/CVE-2020-11979.yml	38.3.0
2026-04-02T22:50:55.799437+00:00	GitLab Importer	Fixing	VCID-2a6z-dfqf-5ycb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.ant/ant/CVE-2021-36373.yml	38.1.0
2026-04-02T22:50:55.594923+00:00	GitLab Importer	Fixing	VCID-6uzy-57uy-zkfw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.ant/ant/CVE-2021-36374.yml	38.1.0
2026-04-02T22:40:41.948113+00:00	GitLab Importer	Affected by	VCID-unby-h128-v3bk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.ant/ant/CVE-2020-11979.yml	38.1.0
2026-04-02T16:57:36.901151+00:00	GHSA Importer	Fixing	VCID-6uzy-57uy-zkfw	https://github.com/advisories/GHSA-5v34-g2px-j4fw	38.1.0
2026-04-02T16:57:36.795389+00:00	GHSA Importer	Fixing	VCID-2a6z-dfqf-5ycb	https://github.com/advisories/GHSA-q5r4-cfpx-h6fh	38.1.0
2026-04-01T16:58:10.030822+00:00	GitLab Importer	Affected by	VCID-unby-h128-v3bk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.ant/ant/CVE-2020-11979.yml	38.0.0
2026-04-01T13:01:33.867761+00:00	GithubOSV Importer	Fixing	VCID-2a6z-dfqf-5ycb	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-q5r4-cfpx-h6fh/GHSA-q5r4-cfpx-h6fh.json	38.0.0
2026-04-01T13:01:29.369690+00:00	GithubOSV Importer	Fixing	VCID-6uzy-57uy-zkfw	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-5v34-g2px-j4fw/GHSA-5v34-g2px-j4fw.json	38.0.0
2026-04-01T12:48:35.695371+00:00	GitLab Importer	Fixing	VCID-2a6z-dfqf-5ycb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.ant/ant/CVE-2021-36373.yml	38.0.0
2026-04-01T12:48:35.668027+00:00	GitLab Importer	Fixing	VCID-6uzy-57uy-zkfw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.ant/ant/CVE-2021-36374.yml	38.0.0