3 matches found
CVE-2017-2809
An exploitable vulnerability exists in the yaml loading functionality of ansible-vault before 1.0.5. A specially crafted vault can execute arbitrary python commands resulting in command execution. An attacker can insert python into the vault to trigger this vulnerability...
CVE-2017-2809
CVE-2017-2809 describes a YAML loading vulnerability in Ansible Vault prior to 1.0.5. A specially crafted vault can trigger arbitrary Python command execution, enabling code execution on affected systems. The issue affects the yaml loading functionality in ansible-vault, with the root cause tied ...
Vulnerability Spotlight: YAML Parsing Remote Code Execution Vulnerabilities in Ansible Vault and Tablib
Vulnerabilities discovered by Cory Duplantis of Talos.Talos is disclosing the presences of remote code execution vulnerabilities in the processing of Yet Another Markup Language YAML content in Ansible Vault and Tablib. Attackers can exploit these vulnerabilities through supplying malicious YAML...