Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:5099
HistorySep 15, 2017 - 12:37 a.m.

Remote Code Execution (RCE)

2017-09-1500:37:54
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4

0.005 Low

EPSS

Percentile

75.8%

JSON

ansible-vault is vulnerable to remote code execution (RCE) attacks. The application uses the unsafe yaml.load method to deserialize YAML files, allowing a malicious user to inject and execute arbitrary python code.

CPENameOperatorVersion
ansible-vaultle1.0.4
ansible-vaultle1.0.4

Related

nvd 1
github 1
osv 3
talos 1
prion 1
cvelist 1
cve 1
talosblog 1
nvd
nvd
CVE-2017-2809
2017-09-14 19:29:00
github
github
Code injection in ansible
2018-07-13 15:16:54
osv
osv
Code injection in ansible
2018-07-13 15:16:54
CVE-2017-2809
2017-09-14 19:29:00
PYSEC-2017-5
2017-09-14 19:29:00
talos
talos
ansible-vault Yaml Load Code Execution Vulnerability
2017-09-14 00:00:00
prion
prion
Input validation
2017-09-14 19:29:00
cvelist
cvelist
CVE-2017-2809
2017-09-14 00:00:00
cve
cve
CVE-2017-2809
2017-09-14 19:29:00
talosblog
talosblog
Vulnerability Spotlight: YAML Parsing Remote Code Execution Vulnerabilities in Ansible Vault and Tablib
2017-09-14 07:30:00

0.005 Low

EPSS

Percentile

75.8%

JSON
Related for VERACODE:5099
nvd1github1osv3talos1prion1cvelist1cve1talosblog1