Lucene search
GoogleOSV:PYSEC-2017-5HistorySep 14, 2017 - 7:29 p.m.
PYSEC-2017-5
2017-09-1419:29:00
Google
osv.dev
4
0.005 Low
EPSS
Percentile
75.8%
An exploitable vulnerability exists in the yaml loading functionality of ansible-vault before 1.0.5. A specially crafted vault can execute arbitrary python commands resulting in command execution. An attacker can insert python into the vault to trigger this vulnerability.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ansible-vault | eq | 1.0.1 | |
| ansible-vault | eq | 1.0.4 | |
| ansible-vault | eq | 1.0.0 | |
| ansible-vault | eq | 1.0.2 | |
| ansible-vault | eq | 1.0.3 |
Related
nvd
nvd
CVE-2017-2809
2017-09-14 19:29:00
github
github
Code injection in ansible
2018-07-13 15:16:54
osv
osv
Code injection in ansible
2018-07-13 15:16:54
CVE-2017-2809
2017-09-14 19:29:00
veracode
veracode
Remote Code Execution (RCE)
2017-09-15 00:37:54
cve
cve
CVE-2017-2809
2017-09-14 19:29:00
talos
talos
ansible-vault Yaml Load Code Execution Vulnerability
2017-09-14 00:00:00
prion
prion
Input validation
2017-09-14 19:29:00
cvelist
cvelist
CVE-2017-2809
2017-09-14 00:00:00
talosblog
talosblog