CVE-2021-36374
low
CVSS v3: -
CVSS v4: -
VIR risk: 2.5
Description
Improper Handling of Length Parameter Inconsistency in Apache Ant
Predictions
Exploit likelihood: 20%
Patch ETA: -
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
OS impact
SUSE Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| - | Affected | - |
Debian Mixed 5 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 1.10.11-1 |
| sid | Fixed | 1.10.11-1 |
| forky | Fixed | 1.10.11-1 |
| bullseye | Affected | - |
| bookworm | Fixed | 1.10.11-1 |
Arch Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| - | Fixed | 1.10.11-1 |
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | org.apache.ant:ant | >=1.9.0,<1.9.16 | 1.9.16 |
| Maven | org.apache.ant:ant | >=1.10.0,<1.10.11 | 1.10.11 |
References
- https://security-tracker.debian.org/tracker/CVE-2021-36374
- https://security.archlinux.org/ASA-202107-43
- https://www.suse.com/security/cve/CVE-2021-36374.html
- https://nvd.nist.gov/vuln/detail/CVE-2021-36374
- https://ant.apache.org/security.html
- https://lists.apache.org/thread.html/r27919fd4db07c487239c1d9771f480d89ce5ee2750aa9447309b709a@%3Ccommits.groovy.apache.org%3E
- https://lists.apache.org/thread.html/r544c9e8487431768465b8b2d13982c75123109bd816acf839d46010d@%3Ccommits.groovy.apache.org%3E
- https://lists.apache.org/thread.html/rad36f470647c5a7c02dd78c9973356d2840766d132b597b6444e373a@%3Cnotifications.groovy.apache.org%3E
- https://lists.apache.org/thread.html/rdd5412a5b9a25aed2a02c3317052d38a97128314d50bc1ed36e81d38%40%3Cuser.ant.apache.org%3E
- https://lists.apache.org/thread.html/rf4bb79751a02889623195715925e4fd8932dd3c97e0ade91395a96c6@%3Cdev.myfaces.apache.org%3E
- https://security.netapp.com/advisory/ntap-20210819-0007
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.oracle.com/security-alerts/cpuoct2021.html