Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path.
{ "nvd_published_at": "2019-03-27T13:29:01Z", "cwe_ids": [ "CWE-22" ], "severity": "LOW", "github_reviewed": true, "github_reviewed_at": "2020-06-16T21:21:22Z" }