OESA-2025-1647

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1647

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2025-1647.json

JSON Data

https://api.test.osv.dev/v1/vulns/OESA-2025-1647

Upstream

CVE-2021-3583

Published

2025-06-20T13:26:26Z

Modified

2025-08-12T05:35:12.765865Z

Summary

ansible security update

Details

Security Fix(es):

A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, which discloses sensitive information. The highest threat from this vulnerability is to confidentiality and integrity.(CVE-2021-3583)

Database specific

{
    "severity": "High"
}

References

Affected packages

openEuler:20.03-LTS-SP4 / ansible

Package

Name: ansible
Purl: pkg:rpm/openEuler/ansible&distro=openEuler-20.03-LTS-SP4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.5.5-9.oe2003sp4

Ecosystem specific

{
    "noarch": [
        "ansible-2.5.5-9.oe2003sp4.noarch.rpm",
        "ansible-help-2.5.5-9.oe2003sp4.noarch.rpm"
    ],
    "src": [
        "ansible-2.5.5-9.oe2003sp4.src.rpm"
    ]
}