PYSEC-2020-2

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/ansible/PYSEC-2020-2.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2020-2
Aliases
Published
2020-04-30T17:15:00Z
Modified
2023-11-01T04:51:25.466069Z
Summary
[none]
Details

An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file within the system.

References

Affected packages

PyPI / ansible

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.9.0
Fixed
2.9.7

Affected versions

2.*

2.9.0
2.9.1
2.9.2
2.9.3
2.9.4
2.9.5
2.9.6