Описание
The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | 1.6.6+dfsg-1 |
| bionic | not-affected | 1.6.6+dfsg-1 |
| cosmic | not-affected | 1.6.6+dfsg-1 |
| devel | not-affected | 1.6.6+dfsg-1 |
| disco | not-affected | 1.6.6+dfsg-1 |
| eoan | not-affected | 1.6.6+dfsg-1 |
| esm-apps/bionic | not-affected | 1.6.6+dfsg-1 |
| esm-apps/focal | not-affected | 1.6.6+dfsg-1 |
| esm-apps/jammy | not-affected | 1.6.6+dfsg-1 |
| esm-apps/xenial | not-affected | 1.6.6+dfsg-1 |
Показывать по
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657.
The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657.
The safe_eval function in Ansible before 1.6.4 does not properly restr ...
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3