6 matches found
Ansible Code Injection Vulnerability
The safeeval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657...
GHSA-66C7-5PWV-MM3J Ansible Code Injection Vulnerability
The safeeval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657...
CVE-2014-4657
The safeeval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions...
CVE-2014-4657
The CVE-2014-4657 entry concerns Ansible’s safe_eval, where the code subset is not properly restricted. Connected documents confirm the flaw affects Ansible versions prior to 1.5.4 (the primary reference) and note that subsequent advisories describe an incomplete fix, with some sources indicating...
Code injection
The safeeval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657...
PYSEC-2020-203
The safeeval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657...