ansible-core@2.16.16rc1

Radically simple IT automation

  • latest version

    2.21.1

  • latest non vulnerable version

  • first published

    5 years ago

  • latest version published

    16 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the ansible-core package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Arbitrary Argument Injection

    ansible-core is an a radically simple IT automation system. It handles configuration management, application deployment, cloud provisioning, ad-hoc task execution, network automation, and multi-node orchestration. Ansible makes complex changes like zero-downtime rolling updates with load balancers easy.

    Affected versions of this package are vulnerable to Arbitrary Argument Injection. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neutralization of argument delimiters, a malicious role author can inject arbitrary git configuration flags through the src field. This allows arbitrary code execution on the machine of a user who installs the role via ansible-galaxy role install.

    How to fix Arbitrary Argument Injection?

    Upgrade ansible-core to version 2.21.1rc1 or higher.

    [,2.21.1rc1)