PYSEC-2018-43

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/ansible/PYSEC-2018-43.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2018-43

Aliases

Published

2018-07-13T22:29:00Z

Modified

2024-04-22T22:27:01.915323Z

Summary

[none]

Details

A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.

References

Affected packages

PyPI / ansible

Package

Name: ansible; View open source insights on deps.dev
Purl: pkg:pypi/ansible

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.5

Fixed

2.5.6

Introduced

2.4

Fixed

2.4.6.0

Introduced

2.6

Fixed

2.6.1

Affected versions

2.*

2.4.0.0

2.4.1.0

2.4.2.0

2.4.3.0

2.4.4.0

2.4.5.0

2.5.0

2.5.1

2.5.2

2.5.3

2.5.4

2.5.5

2.6.0

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/ansible/PYSEC-2018-43.yaml"