Code injection in ansible
High severity
GitHub Reviewed
Published
Jul 13, 2018
to the GitHub Advisory Database
•
Updated Feb 1, 2023
Description
Published by the National Vulnerability Database
Sep 14, 2017
Published to the GitHub Advisory Database
Jul 13, 2018
Reviewed
Jun 16, 2020
Last updated
Feb 1, 2023
An exploitable vulnerability exists in the yaml loading functionality of ansible-vault before 1.0.5. A specially crafted vault can execute arbitrary python commands resulting in command execution. An attacker can insert python into the vault to trigger this vulnerability.
References