VulnerableCode Package Details - pkg:alpm/archlinux/ant@1.10.8-1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:alpm/archlinux/ant@1.10.8-1

Essentials
History (2)

purl	pkg:alpm/archlinux/ant@1.10.8-1

Next non-vulnerable version	1.10.9-1
Latest non-vulnerable version	1.10.11-1
Risk	4.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-unby-h128-v3bk Aliases: CVE-2020-11979 GHSA-f62v-xpxf-3v68 GHSA-j45w-qrgf-25vm	Code injection in Apache Ant As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.	1.10.9-1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-53z5-f3xj-z7bf	Sensitive Data Exposure in Apache Ant Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.	CVE-2020-1945 GHSA-4p6w-m9wc-c9c9

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T18:27:00.201659+00:00	Arch Linux Importer	Fixing	VCID-53z5-f3xj-z7bf	https://security.archlinux.org/AVG-1159	38.0.0
2026-04-01T18:26:59.008278+00:00	Arch Linux Importer	Affected by	VCID-unby-h128-v3bk	https://security.archlinux.org/AVG-1312	38.0.0