| 2021-07-14 | CVE-2021-36373 | When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. | 5.5 |
| 2021-07-14 | CVE-2021-36374 | When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. | 5.5 |
| 2021-02-24 | CVE-2020-11987 | Server-Side Request Forgery (SSRF) vulnerability in multiple products
Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. | 8.2 |
| 2021-01-20 | CVE-2021-1994 | Unspecified vulnerability in Oracle Enterprise Repository and Weblogic Server
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). | 7.5 |
| 2020-11-12 | CVE-2019-17566 | Server-Side Request Forgery (SSRF) vulnerability in multiple products
Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. | 7.5 |
| 2020-10-01 | CVE-2020-11979 | As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. | 7.5 |
| 2020-09-10 | CVE-2020-11998 | A regression has been introduced in the commit preventing JMX re-bind. | 9.8 |
| 2020-07-08 | CVE-2020-11994 | Injection vulnerability in multiple products
Server-Side Template Injection and arbitrary file disclosure on Camel templating components | 7.5 |
| 2020-05-14 | CVE-2020-1941 | Cross-site Scripting vulnerability in multiple products
In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue. | 6.1 |
| 2020-05-14 | CVE-2020-1945 | Exposure of Resource to Wrong Sphere vulnerability in multiple products
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. | 6.3 |