9 matches found
dynaconf: jinja2: Dynaconf: Arbitrary code execution via Server-Side Template Injection
A flaw was found in dynaconf, a Python configuration management tool. This Server-Side Template Injection (SSTI) vulnerability occurs due to unsafe template evaluation in the @Jinja resolver when the jinja2 package is installed. A remote attacker could exploit this by embedding malicious template...
CVE-2026-2452
The CVE-2026-2452 issue affects pretix email templates where placeholders are used to inject data. A security bug allowed exfiltration of sensitive information from the system configuration via specially crafted placeholder names (for example `{{event.__init__.__code__.co_filename}}`), enabling an attack...
RHEL 7 : ansible (RHSA-2019:3789)
The remote Red Hat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:3789 advisory. Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH a...
RHEL 7 : ansible (RHSA-2019:3744)
The remote Red Hat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:3744 advisory. Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH a...
ansible: unsafe template evaluation of returned module data can lead to information disclosure
A flaw was discovered in the way Ansible templating was implemented, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed...
ansible: unsafe template evaluation of returned module data can lead to information disclosure
A flaw was discovered in the way Ansible templating was implemented, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed...
RHEL 7 : ansible (RHSA-2019:1705)
The remote Red Hat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2019:1705 advisory. Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does n...
ansible: unsafe template evaluation of returned module data can lead to information disclosure
A flaw was discovered in the way Ansible templating was implemented, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed...
Information Disclosure
ansible is vulnerable to Information Disclosure. An unsafe template evaluation of returned module data exists, allowing an attacker to read and replace files...