github.com/ansible-semaphore/semaphore is vulnerable to Arbitrary Code Injection. The vulnerability exists in makeCmd
function at AnsiblePlaybook.go
which allows a remote attacker to execute arbitrary code via a crafted payload to the extra variables parameter.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/ansible-semaphore/semaphore | le | v2.8.101 | |
github.com/ansible-semaphore/semaphore | le | v2.8.101 |