https://bugzilla.redhat.com/show_bug.cgi?id=1903702
--- Comment #23 from Przemyslaw Roguski proguski@redhat.com --- Statement:
ant as shipped in Red Hat Enterprise Linux 8 is not affected by this flaw because this flaw is caused by the patch for CVE-2020-1945, however, it was never applied to ant as shipped in Red Hat Enterprise Linux 8, because the decision was made by Engineering to WONTFIX that flaw.
In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of ant package. Since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix. This may be fixed in the future.
[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rele...