CVE-2014-4657

Опубликовано: 01 апр. 2014

Источник: redhat

CVSS3: 9.8

EPSS Низкий

Описание

The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions.

A flaw was found in the safe_eval function in Ansible before 1.5.4, where it does not properly restrict the code subset. This flaw allows remote attackers to execute arbitrary code via crafted instructions.

Затронутые пакеты

Платформа	Пакет	Состояние
CloudForms Management Engine 5	ansible	Not affected
Red Hat Ansible Engine 2	ansible	Not affected
Red Hat Ansible Tower 3	ansible	Not affected
Red Hat Ceph Storage 2	ansible	Not affected
Red Hat Ceph Storage 3	ansible	Not affected
Red Hat OpenStack Platform 10 (Newton)	ansible	Not affected
Red Hat OpenStack Platform 13 (Queens)	ansible	Not affected
Red Hat Storage 3	ansible	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Critical

Дефект:

CWE-20

https://bugzilla.redhat.com/show_bug.cgi?id=1831263ansible: improper restriction of code subset allows remote arbitrary code execution via crafted instructions

EPSS

Процентиль: 84%

0.02239

Низкий

9.8 Critical

CVSS3

Связанные уязвимости

CVE-2014-4657

CVSS3: 9.8

ubuntu

почти 6 лет назад

The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions.

CVE-2014-4657

CVSS3: 9.8

nvd

почти 6 лет назад

The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions.

CVE-2014-4657

CVSS3: 9.8

debian

почти 6 лет назад

The safe_eval function in Ansible before 1.5.4 does not properly restr ...

GHSA-qg47-5px9-32g7

CVSS3: 9.8

github

больше 3 лет назад

Ansible Remote Code Execution

EPSS

Процентиль: 84%

0.02239

Низкий

9.8 Critical

CVSS3