canonical ubuntu-linux CVE-2020-1945 vulnerability in Canonical and Other Products
Published on May 14, 2020

product logo product logo product logo product logo product logo
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.

Github Repository Github Repository Github Repository Github Repository Github Repository Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD


Products Associated with CVE-2020-1945

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-1945 are published in these products:

Canonical Ubuntu Linux
 
Fedora Project Fedora
 
Apache Ant
 
OpenSuse Leap
 
Oracle Agile Engineering Data Management
 
Oracle Banking Enterprise Collections
 
Oracle Banking Liquidity Management
 
Oracle Banking Platform
 
Oracle Business Process Management Suite
 
Oracle Category Management Planning Optimization
 
Oracle Communications Asap
 
Oracle Communications Diameter Signaling Router
 
Oracle Communications Metasolv Solution
 
Oracle Communications Order Service Management
 
Oracle Data Integrator
 
Oracle Endeca Information Discovery Studio
 
Oracle Enterprise Manager Ops Center
 
Oracle Enterprise Repository
 
Oracle Financial Services Analytical Applications Infrastructure
 
Oracle Flexcube Investor Servicing
 
Oracle Flexcube Private Banking
 
Oracle Health Sciences Information Manager
 
Oracle Primavera Gateway
 
Oracle Primavera Unifier
 
Oracle Rapid Planning
 
Oracle Real Time Decision Server
 
Oracle Retail Advanced Inventory Planning
 
Oracle Retail Assortment Planning
 
Oracle Retail Back Office
 
Oracle Retail Bulk Data Integration
 
Oracle Retail Central Office
 
Oracle Retail Data Extractor Merchandising
 
Oracle Retail Extract Transform Load
 
Oracle Retail Financial Integration
 
Oracle Retail Integration Bus
 
Oracle Retail Item Planning
 
Oracle Retail Macro Space Optimization
 
Oracle Retail Merchandise Financial Planning
 
Oracle Retail Merchandising System
 
Oracle Retail Point Of Service
 
Oracle Retail Predictive Application Server
 
Oracle Retail Regular Price Optimization
 
Oracle Retail Replenishment Optimization
 
Oracle Retail Returns Management
 
Oracle Retail Service Backbone
 
Oracle Retail Size Profile Optimization
 
Oracle Retail Store Inventory Management
 
Oracle Retail Xstore Point Of Service
 
Oracle Timesten In Memory Database
 
Oracle Utilities Framework
 

Vulnerable Packages

The following package name and versions may be associated with CVE-2020-1945

Package Manager Vulnerable Package Versions Fixed In
maven org.postgresql:postgresql >= 42.2.0, < 42.2.27 42.2.27
maven org.postgresql:postgresql > 42.3.0, < 42.3.8 42.3.8
maven org.postgresql:postgresql >= 42.4.0, < 42.4.3 42.4.3
maven org.postgresql:postgresql >= 42.5.0, < 42.5.1 42.5.1
maven org.eclipse.jetty:jetty-webapp < 9.4.33 9.4.33
maven org.mortbay.jetty:jetty-webapp < 9.4.33 9.4.33
maven io.netty:netty-codec-http < 4.1.59 4.1.59.Final
maven junit:junit >= 4.7, < 4.13.1 4.13.1
maven org.glassfish.jersey.core:jersey-common >= 2.28, <= 2.33 2.34
maven org.glassfish.jersey.core:jersey-common >= 3.0.0, <= 3.0.1 3.0.2

Exploit Probability

EPSS
0.02%
Percentile
5.17%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.