CVE-2014-4657

Опубликовано: 20 фев. 2020

Источник: debian

Описание

The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
ansible	fixed	1.5.5+dfsg-1		package

Примечания

https://github.com/ansible/ansible/commit/998793fd0ab55705d57527a38cee5e83f535974c

Связанные уязвимости

CVE-2014-4657

CVSS3: 9.8

ubuntu

почти 6 лет назад

The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions.

CVE-2014-4657

CVSS3: 9.8

redhat

почти 12 лет назад

The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions.

CVE-2014-4657

CVSS3: 9.8

nvd

почти 6 лет назад

The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions.

GHSA-qg47-5px9-32g7

CVSS3: 9.8

github

больше 3 лет назад

Ansible Remote Code Execution