CVE-2020-1735

A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.

References

Affected packages

Git / github.com/ansible/ansible

Affected ranges

Type: GIT
Repo: https://github.com/ansible/ansible
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

f78a5b184c6f8b1bc774ed795a2bd36d38f6506b

Introduced

24325a05dfb9104d6d4ec8b488b89e07c2e6d376

Fixed

ff7bbbcaf1e8f434432075bc9c55626a9dd3091d

Introduced

2611867fd1dc387ceaa0ffb8ce0f030aafc2a859

Fixed

b9ebc0ceefd2bad292b75f5e2e5f7340fd23e896

Affected versions

v2.*

v2.8.0

v2.8.1

v2.8.10

v2.8.2

v2.8.3

v2.8.4

v2.8.5

v2.8.6

v2.8.7

v2.8.8

v2.8.9

v2.9.0

v2.9.1

v2.9.2

v2.9.3

v2.9.4

v2.9.5

v2.9.6

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-1735.json"

Git / gitlab.gnome.org/GNOME/libxml2

Affected ranges

Type: GIT
Repo: https://gitlab.gnome.org/GNOME/libxml2
Events: Introduced

38bbd3412d1c2a2016cf5a1a221ad4010216d28e

Fixed

bc5a5d658320c37e206fe4e7b525b4a24466d0c6

Affected versions

Other

CVE-2013-2877

CVE-2014-0191

CVE-2014-3660

CVE-2015-1819

CVE-2015-5312

CVE-2015-7497

CVE-2015-7498

CVE-2015-7499-1

CVE-2015-7499-2

CVE-2015-7500

CVE-2015-7941_1

CVE-2015-7941_2

CVE-2015-7942

CVE-2015-7942-2

CVE-2015-8035

CVE-2015-8242

CVE-2015-8317

CVE-2016-1762

CVE-2016-1833

CVE-2016-1834

CVE-2016-1835

CVE-2016-1836

CVE-2016-1837

CVE-2016-1838

CVE-2016-1839

CVE-2016-1840

CVE-2016-3627

CVE-2016-3705

CVE-2016-4449

CVE-2016-4483

v2.*

v2.9.0

v2.9.1

v2.9.2

v2.9.2-rc1

v2.9.2-rc2

v2.9.3

v2.9.4

v2.9.4-rc1

v2.9.4-rc2

v2.9.5

v2.9.5-rc1

v2.9.5-rc2

v2.9.6

v2.9.6-rc1

v2.9.7-rc1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-1735.json"