A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node.
Currently, there is no mitigation for this issue except avoid using the affected fetch module when possible.