Alpine: apache-ant: security update to 1.10.11-r0

medium Tenable Self-Hosted Container Security Plugin ID 403531

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- When reading a specially crafted TAR archive, an Apache Ant build can be made to allocate large amounts of
memory, which finally leads to an out-of-memory error, even for small inputs. This can be used to disrupt
builds using Apache Ant. Apache Ant versions prior to 1.9.16 and 1.10.11 were affected. (CVE-2021-36373)

- When reading a specially crafted ZIP archive, or a derived format, an Apache Ant build can be made to
allocate large amounts of memory, which leads to an out-of-memory error, even for small inputs. This can be
used to disrupt builds using Apache Ant. Commonly used formats derived from ZIP archives are, for instance,
JAR files and many office files. Apache Ant versions prior to 1.9.16 and 1.10.11 were affected. (CVE-2021-36374)

See Also

https://security.alpinelinux.org/vuln/CVE-2021-36373

https://security.alpinelinux.org/vuln/CVE-2021-36374

Plugin Details

Severity: Medium

ID: 403531

Version: Revision 1.40

Type: Local

Published: 10/31/2023

Updated: 12/4/2025

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 3

Percentile: 23.18

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2021-36374

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 7/14/2021

Reference Information

CVE: CVE-2021-36373, CVE-2021-36374