Homepage

ansible-core@2.20.7rc1

Radically simple IT automation

  • latest version

    2.21.0

  • first published

    5 years ago

  • latest version published

    24 days ago

  • licenses detected

  • View ansible-core package health on Snyk  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the ansible-core package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Arbitrary Argument Injection

    ansible-core is an a radically simple IT automation system. It handles configuration management, application deployment, cloud provisioning, ad-hoc task execution, network automation, and multi-node orchestration. Ansible makes complex changes like zero-downtime rolling updates with load balancers easy.

    Affected versions of this package are vulnerable to Arbitrary Argument Injection. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neutralization of argument delimiters, a malicious role author can inject arbitrary git configuration flags through the src field. This allows arbitrary code execution on the machine of a user who installs the role via ansible-galaxy role install.

    How to fix Arbitrary Argument Injection?

    There is no fixed version for ansible-core.

    [0,)
    Go back to all versions of this package