ExpressionContext use-after-free in classic engine $lookup and $graphLookup aggregation operators

A use-after-free vulnerability can be triggered in sharded clusters by an authenticated user with the read role who issues a specially crafted $lookup or $graphLookup aggregation pipeline...

PT-2020-7688

Name of the Vulnerable Software and Affected Versions Ansible versions prior to 1.6.7 Description The issue allows remote attackers to execute arbitrary code via crafted lookup'pipe' calls or crafted Jinja2 data, due to the lack of prevention of inventory data with "" and "lookup" substrings, and...