CVE-2014-4678

2020-02-20T03:15:00
ID CVE-2014-4678
Type cve
Reporter cve@mitre.org
Modified 2020-02-25T16:12:00

Description

The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657.