CVE-2014-4967 – ansible
Package
Manager: pip
Name: ansible
Vulnerable Version: >=0 <1.6.7
Severity
Level: Critical
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.04747 (percentile 0.89012)
Details
Ansible Arbitrary Code Execution
Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause, (2) a trailing " temp=" clause, or (3) a trailing " validate=" clause accompanied by a shell command.
Metadata
Created: 2022-05-17T19:57:30Z
Modified: 2024-09-10T22:15:25Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-64cw-m57j-65xj/GHSA-64cw-m57j-65xj.json
CWE IDs: ["CWE-74"]
Alternative ID: GHSA-64cw-m57j-65xj
Finding: F184
Auto approve: 1