ansible-vault is vulnerable to remote code execution (RCE) attacks. The application uses the unsafe yaml.load
method to deserialize YAML files, allowing a malicious user to inject and execute arbitrary python code.
CPE | Name | Operator | Version |
---|---|---|---|
ansible-vault | le | 1.0.4 | |
ansible-vault | le | 1.0.4 |