4 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-1737
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract- Zip function from the winunzip module as the extracte...
ansible: Extract-Zip function in win_unzip module does not check extracted path
A flaw was found in the Ansible Engine when using the Extract-Zip function from the winunzip module as the extracted files are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path...
ansible: Extract-Zip function in win_unzip module does not check extracted path
A flaw was found in the Ansible Engine when using the Extract-Zip function from the winunzip module as the extracted files are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path...
PT-2020-5090
Name of the Vulnerable Software and Affected Versions Ansible versions 2.7.17 and prior Ansible versions 2.8.9 and prior Ansible versions 2.9.6 and prior Description A flaw was found in Ansible when using the Extract-Zip function from the win unzip module. The extracted files are not checked if...