Lucene search

K
cvelistRedhatCVELIST:CVE-2014-4678
HistoryFeb 20, 2020 - 2:49 a.m.

CVE-2014-4678

2020-02-2002:49:50
redhat
www.cve.org

9.8 High

AI Score

Confidence

High

0.139 Low

EPSS

Percentile

95.7%

The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657.

CNA Affected

[
  {
    "product": "Ansible",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "before 1.6.4"
      }
    ]
  }
]

9.8 High

AI Score

Confidence

High

0.139 Low

EPSS

Percentile

95.7%