EUVD-2025-19586

Malicious code in bioql PyPI...

EUVD-2025-19585

Malicious code in bioql PyPI...

event-driven-ansible: Template Injection via Git Branch and Refspec in EDA Projects

A flaw was found in the EDA component of the Ansible Automation Platform, where user-supplied Git branch or refspec values are evaluated as Jinja2 templates. This vulnerability allows authenticated users to inject expressions that execute commands or access sensitive files on the EDA worker. In...

CVE-2025-49520

CVE-2025-49520 affects Ansible Automation Platform’s EDA component where user-supplied Git URLs are passed unsanitized to git ls-remote, enabling an authenticated attacker to inject arguments and execute arbitrary commands on the EDA worker. In Kubernetes/OpenShift, this can lead to service accou...

CVE-2025-49520 Event-driven-ansible: authenticated argument injection in git url in eda project creation

A flaw was found in Ansible Automation Platform’s EDA component where user-supplied Git URLs are passed unsanitized to the git ls-remote command. This vulnerability allows an authenticated attacker to inject arguments and execute arbitrary commands on the EDA worker. In Kubernetes/OpenShift...

PT-2025-27477 · Ansible · Ansible Automation Platform

Name of the Vulnerable Software and Affected Versions: Ansible Automation Platform affected versions not specified Description: A flaw was found in the EDA component of the Ansible Automation Platform, where user-supplied Git branch or refspec values are evaluated as Jinja2 templates. This issue...