As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NApache Ant
APPApache1.10.8Fedora Project Fedora
OSFedoraproject313233Gradle
APPGradle< 6.8.0Oracle Agile Engineering Data Management
APPOracle6.2.1.0Oracle Api Gateway
APPOracle11.1.2.4.0Oracle Banking Platform
APPOracle2.4.02.4.12.6.22.7.02.7.12.8.0Oracle Banking Treasury Management
APPOracle14.4Oracle Communications Unified Inventory Management
APPOracle7.4.07.4.1Oracle Data Integrator
APPOracle12.2.1.3.012.2.1.4.0Oracle Endeca Information Discovery Studio
APPOracle3.2.0.0Oracle Enterprise Repository
APPOracle11.1.1.7.0Oracle Financial Services Analytical Applications Infrastructure
APPOracle8.1.08.1.18.0.6 – 8.0.9Oracle Flexcube Private Banking
APPOracle12.0.012.1.0Oracle Primavera Gateway
APPOracle17.12.0 – 17.12.916.2.0 – 16.2.11Oracle Primavera Unifier
APPOracle16.116.218.819.1220.1217.7 – 17.12Oracle Real Time Decision Server
APPOracle11.1.1.9.03.2.0.0Oracle Retail Advanced Inventory Planning
APPOracle14.1Oracle Retail Assortment Planning
APPOracle16.0.3Oracle Retail Category Management Planning \& Optimization
APPOracle16.0.3Oracle Retail Eftlink
APPOracle19.0.120.0.0Oracle Retail Financial Integration
APPOracle14.1.315.0.316.0.3Oracle Retail Integration Bus
APPOracle15.0.3Oracle Retail Item Planning
APPOracle16.0.3Oracle Retail Macro Space Optimization
APPOracle16.0.3Oracle Retail Merchandise Financial Planning
APPOracle16.0.3Oracle Retail Merchandising System
APPOracle14.1.3.216.0.3Oracle Retail Predictive Application Server
APPOracle14.1Oracle Retail Regular Price Optimization
APPOracle16.0.3Oracle Retail Replenishment Optimization
APPOracle16.0.3Oracle Retail Service Backbone
APPOracle14.1.315.0.316.0.3
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Referencje
Powiązane podatności
CVE-2024-4577CRITICAL9.8⚠ KEVPL ✓ten sam produkt
PHP CGI argument injection – RCE na Windows przez mechanizm Best-Fit
CVE-2024-5274CRITICAL9.6⚠ KEVPL ✓ten sam produkt
Type Confusion w V8 (Google Chrome) — RCE przez spreparowaną stronę HTML
CVE-2024-4947CRITICAL9.6⚠ KEVPL ✓ten sam produkt
Type Confusion w silniku V8 Chrome — zdalne wykonanie kodu (RCE)
CVE-2024-4671CRITICAL9.6⚠ KEVPL ✓ten sam produkt
Use-after-free w Google Chrome Visuals umożliwiający ucieczkę z sandbox
CVE-2023-6345CRITICAL9.6⚠ KEVPL ✓ten sam produkt
Integer overflow w Skia w Google Chrome — sandbox escape