Vulnerabilities

CVE-2014-4678

by Fred · 19/02/2020

The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657.

Date published : 2020-02-19

https://github.com/ansible/ansible/commit/5429b85b9f6c2e640074176f36ff05fd5e4d1916

https://groups.google.com/forum/message/raw?msg=ansible-announce/ieV1vZvcTXU/5Q93ThkY9rIJ

Similar

Tags: Cybersecurity Alert