PYSEC-2020-204

Ansible before 1.6.7 does not prevent inventory data with "" and "lookup" substrings, and does not prevent remote data with "" substrings, which allows remote attackers to execute arbitrary code via 1 crafted lookup'pipe' calls or 2 crafted Jinja2 data...

PT-2020-7688

Name of the Vulnerable Software and Affected Versions Ansible versions prior to 1.6.7 Description The issue allows remote attackers to execute arbitrary code via crafted lookup'pipe' calls or crafted Jinja2 data, due to the lack of prevention of inventory data with "" and "lookup" substrings, and...