{"id":"CVE-2020-11979","details":"As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.","aliases":["BIT-gradle-2020-11979","GHSA-f62v-xpxf-3v68","GHSA-j45w-qrgf-25vm"],"modified":"2026-05-18T05:50:07.644195189Z","published":"2020-10-01T20:15:13.033Z","related":["SUSE-SU-2022:4022-1","openSUSE-SU-2024:10616-1"],"database_specific":{"unresolved_ranges":[{"cpes":["cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*","cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*","cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"fedoraproject:fedora","extracted_events":[{"last_affected":"31"},{"last_affected":"32"},{"last_affected":"33"}]},{"cpes":["cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"oracle:agile_engineering_data_management","extracted_events":[{"last_affected":"6.2.1.0"}]},{"cpes":["cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"oracle:api_gateway","extracted_events":[{"last_affected":"11.1.2.4.0"}]},{"cpes":["cpe:2.3:a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:*","cpe:2.3:a:oracle:banking_platform:2.4.1:*:*:*:*:*:*:*","cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*","cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*","cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*","cpe:2.3:a:oracle:banking_platform:2.8.0:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"oracle:banking_platform","extracted_events":[{"last_affected":"2.4.0"},{"last_affected":"2.4.1"},{"last_affected":"2.6.2"},{"last_affected":"2.7.0"},{"last_affected":"2.7.1"},{"last_affected":"2.8.0"}]},{"extracted_events":[{"last_affected":"14.4"}],"source":"CPE_FIELD","vendor_product":"oracle:banking_treasury_management","cpes":["cpe:2.3:a:oracle:banking_treasury_management:14.4:*:*:*:*:*:*:*"]},{"cpes":["cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*","cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"oracle:communications_unified_inventory_management","extracted_events":[{"last_affected":"7.4.0"},{"last_affected":"7.4.1"}]},{"cpes":["cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*","cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"oracle:data_integrator","extracted_events":[{"last_affected":"12.2.1.3.0"},{"last_affected":"12.2.1.4.0"}]},{"cpes":["cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0.0:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"oracle:endeca_information_discovery_studio","extracted_events":[{"last_affected":"3.2.0.0"}]},{"cpes":["cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"oracle:enterprise_repository","extracted_events":[{"last_affected":"11.1.1.7.0"}]},{"cpes":["cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*","cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.0:*:*:*:*:*:*:*","cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"oracle:financial_services_analytical_applications_infrastructure","extracted_events":[{"introduced":"8.0.6"},{"last_affected":"8.0.9"},{"last_affected":"8.1.0"},{"last_affected":"8.1.1"}]},{"cpes":["cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*","cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"oracle:flexcube_private_banking","extracted_events":[{"last_affected":"12.0.0"},{"last_affected":"12.1.0"}]},{"cpes":["cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"oracle:primavera_gateway","extracted_events":[{"introduced":"16.2.0"},{"last_affected":"16.2.11"},{"introduced":"17.12.0"},{"last_affected":"17.12.9"}]},{"extracted_events":[{"introduced":"17.7"},{"last_affected":"17.12"},{"last_affected":"16.1"},{"last_affected":"16.2"},{"last_affected":"18.8"},{"last_affected":"19.12"},{"last_affected":"20.12"}],"source":"CPE_FIELD","vendor_product":"oracle:primavera_unifier","cpes":["cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*","cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*","cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*","cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*","cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*","cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*"]},{"extracted_events":[{"last_affected":"3.2.0.0"},{"last_affected":"11.1.1.9.0"}],"source":"CPE_FIELD","vendor_product":"oracle:real-time_decision_server","cpes":["cpe:2.3:a:oracle:real-time_decision_server:11.1.1.9.0:*:*:*:*:*:*:*","cpe:2.3:a:oracle:real-time_decision_server:3.2.0.0:*:*:*:*:*:*:*"]},{"extracted_events":[{"last_affected":"14.1"}],"source":"CPE_FIELD","vendor_product":"oracle:retail_advanced_inventory_planning","cpes":["cpe:2.3:a:oracle:retail_advanced_inventory_planning:14.1:*:*:*:*:*:*:*"]},{"extracted_events":[{"last_affected":"16.0.3"}],"source":"CPE_FIELD","vendor_product":"oracle:retail_assortment_planning","cpes":["cpe:2.3:a:oracle:retail_assortment_planning:16.0.3:*:*:*:*:*:*:*"]},{"cpes":["cpe:2.3:a:oracle:retail_category_management_planning_\\&_optimization:16.0.3:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"oracle:retail_category_management_planning_&_optimization","extracted_events":[{"last_affected":"16.0.3"}]},{"cpes":["cpe:2.3:a:oracle:retail_eftlink:19.0.1:*:*:*:*:*:*:*","cpe:2.3:a:oracle:retail_eftlink:20.0.0:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"oracle:retail_eftlink","extracted_events":[{"last_affected":"19.0.1"},{"last_affected":"20.0.0"}]},{"cpes":["cpe:2.3:a:oracle:retail_financial_integration:14.1.3:*:*:*:*:*:*:*","cpe:2.3:a:oracle:retail_financial_integration:15.0.3:*:*:*:*:*:*:*","cpe:2.3:a:oracle:retail_financial_integration:16.0.3:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"oracle:retail_financial_integration","extracted_events":[{"last_affected":"14.1.3"},{"last_affected":"15.0.3"},{"last_affected":"16.0.3"}]},{"cpes":["cpe:2.3:a:oracle:retail_integration_bus:15.0.3:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"oracle:retail_integration_bus","extracted_events":[{"last_affected":"15.0.3"}]},{"cpes":["cpe:2.3:a:oracle:retail_item_planning:16.0.3:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"oracle:retail_item_planning","extracted_events":[{"last_affected":"16.0.3"}]},{"cpes":["cpe:2.3:a:oracle:retail_macro_space_optimization:16.0.3:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"oracle:retail_macro_space_optimization","extracted_events":[{"last_affected":"16.0.3"}]},{"cpes":["cpe:2.3:a:oracle:retail_merchandise_financial_planning:16.0.3:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"oracle:retail_merchandise_financial_planning","extracted_events":[{"last_affected":"16.0.3"}]},{"cpes":["cpe:2.3:a:oracle:retail_merchandising_system:14.1.3.2:*:*:*:*:*:*:*","cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"oracle:retail_merchandising_system","extracted_events":[{"last_affected":"14.1.3.2"},{"last_affected":"16.0.3"}]},{"cpes":["cpe:2.3:a:oracle:retail_predictive_application_server:14.1:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"oracle:retail_predictive_application_server","extracted_events":[{"last_affected":"14.1"}]},{"cpes":["cpe:2.3:a:oracle:retail_regular_price_optimization:16.0.3:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"oracle:retail_regular_price_optimization","extracted_events":[{"last_affected":"16.0.3"}]},{"cpes":["cpe:2.3:a:oracle:retail_replenishment_optimization:16.0.3:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"oracle:retail_replenishment_optimization","extracted_events":[{"last_affected":"16.0.3"}]},{"extracted_events":[{"last_affected":"14.1.3"},{"last_affected":"15.0.3"},{"last_affected":"16.0.3"}],"source":"CPE_FIELD","vendor_product":"oracle:retail_service_backbone","cpes":["cpe:2.3:a:oracle:retail_service_backbone:14.1.3:*:*:*:*:*:*:*","cpe:2.3:a:oracle:retail_service_backbone:15.0.3:*:*:*:*:*:*:*","cpe:2.3:a:oracle:retail_service_backbone:16.0.3:*:*:*:*:*:*:*"]},{"extracted_events":[{"last_affected":"16.0.3"}],"source":"CPE_FIELD","vendor_product":"oracle:retail_size_profile_optimization","cpes":["cpe:2.3:a:oracle:retail_size_profile_optimization:16.0.3:*:*:*:*:*:*:*"]},{"cpes":["cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.9:*:*:*:*:*:*:*","cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.0:*:*:*:*:*:*:*","cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3.0:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"oracle:retail_store_inventory_management","extracted_events":[{"last_affected":"14.1.3.9"},{"last_affected":"15.0.3.0"},{"last_affected":"16.0.3.0"}]},{"cpes":["cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.4:*:*:*:*:*:*:*","cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*","cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*","cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*","cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"oracle:retail_xstore_point_of_service","extracted_events":[{"last_affected":"15.0.4"},{"last_affected":"16.0.6"},{"last_affected":"17.0.4"},{"last_affected":"18.0.3"},{"last_affected":"19.0.2"}]},{"extracted_events":[{"last_affected":"8.5.1"}],"source":"CPE_FIELD","vendor_product":"oracle:storagetek_acsls","cpes":["cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*"]},{"cpes":["cpe:2.3:a:oracle:storagetek_tape_analytics:2.4:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"oracle:storagetek_tape_analytics","extracted_events":[{"last_affected":"2.4"}]},{"cpes":["cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"oracle:timesten_in-memory_database","extracted_events":[{"fixed":"11.2.2.8.27"}]},{"cpes":["cpe:2.3:a:oracle:utilities_framework:4.3.0.5.0:*:*:*:*:*:*:*","cpe:2.3:a:oracle:utilities_framework:4.3.0.6.0:*:*:*:*:*:*:*","cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*","cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"oracle:utilities_framework","extracted_events":[{"last_affected":"4.3.0.5.0"},{"last_affected":"4.3.0.6.0"},{"last_affected":"4.4.0.0.0"},{"last_affected":"4.4.0.2.0"}]}]},"references":[{"type":"WEB","url":"https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc%40%3Cdev.creadur.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e%40%3Cdev.creadur.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0%40%3Cdev.creadur.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490%40%3Cdev.creadur.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305%40%3Cdev.creadur.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c%40%3Cdev.creadur.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a%40%3Cdev.creadur.apache.org%3E"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AALW42FWNQ35F7KB3JVRC6NBVV7AAYYI/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DYBRN5C2RW7JRY75IB7Q7ZVKZCHWAQWS/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3NRQQ7ECII4ZNGW7GBC225LVYMPQEKB/"},{"type":"ADVISORY","url":"https://github.com/gradle/gradle/security/advisories/GHSA-j45w-qrgf-25vm"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202011-18"},{"type":"FIX","url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuoct2021.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/ant","events":[{"introduced":"0"},{"last_affected":"e04bc345599fbf78167b181fa47ae5cb707534e4"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"1.10.8"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:apache:ant:1.10.8:*:*:*:*:*:*:*"}}],"versions":["rel/1.10.8","ANT_1.10.8_RC1","ANT_1.10.6_RC1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-11979.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/gradle/gradle","events":[{"introduced":"0"},{"fixed":"b7e82460c5373e194fb478a998c4fcfe7da53a7e"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"6.8.0"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:gradle:gradle:*:*:*:*:*:*:*:*"}}],"versions":["v6.8.0-RC5","v6.8.0-RC4","v6.8.0-RC3","v6.8.0-RC2","v6.8.0-RC1","v6.8.0-M3","v6.8.0-M2","v6.8.0-M1","v6.6.0-M2","v6.6.0-M1","v6.5.0-M2","v6.5.0-M1","v6.1.0-M2","v6.1.0-M1","v3.0.0-M1","REL_3.0-milestone-1","v1.12.0-RC2","v1.12.0","v1.12-RC2","v1.12","REL_1.12-rc-2","REL_1.12","v1.12.0-RC1","v1.12-RC1","REL_1.12-rc-1","v1.11.0","v1.11","REL_1.11","v1.11.0-RC1","v1.11-RC1","REL_1.11-rc-1","v1.0.0-M3","v1.0-M3","REL_1.0-milestone-3","v1.0.0-M2","v1.0-M2","REL_1.0-milestone-2","v1.0.0-M1","v1.0-M1","REL_1.0-milestone-1","v0.9.2","REL_0.9.2","v0.9.1","REL_0.9.1","v0.9.0","v0.9","REL_0.9","v0.9.0-RC3","v0.9-RC3","REL_0.9-rc-3","v0.9.0-RC2","v0.9-RC2","REL_0.9-rc-2","v0.9.0-RC1","v0.9-RC1","REL-0.9-rc-1","REL-0.9-preview-3","REL-0.9-preview-2","REL-0.9-preview-1","v0.8.0","v0.8","REL-0.8"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-11979.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}