vulnerability
Amazon Linux AMI: ALAS-2018-1047: Security patch for ant
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:L/AC:M/Au:N/C:N/I:C/A:C) | Jul 23, 2018 | Sep 19, 2018 | Feb 19, 2025 |
Severity
6
CVSS
(AV:L/AC:M/Au:N/C:N/I:C/A:C)
Published
Jul 23, 2018
Added
Sep 19, 2018
Modified
Feb 19, 2025
Description
It was discovered that Ant's unzip and untar targets permit the extraction of files outside the target directory. A crafted zip or tar file submitted to an Ant build could create or overwrite arbitrary files with the privileges of the user running Ant.(CVE-2018-10886)
Solution
amazon-linux-upgrade-ant
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.