Amazon Linux AMI : ant (ALAS-2018-1047)
High Nessus Plugin ID 111338
SynopsisThe remote Amazon Linux AMI host is missing a security update.
DescriptionIt was discovered that Ant's unzip and untar targets permit the
extraction of files outside the target directory. A crafted zip or tar
file submitted to an Ant build could create or overwrite arbitrary
files with the privileges of the user running Ant.(CVE-2018-10886)
SolutionRun 'yum update ant' to update your system.