Vulnerability	Vulnerable Version
H Improper Input Validation ansible-runner is a tool that helps when interfacing with Ansible directly or as part of another system whether that be through a container image interface, as a standalone tool, or as a Python module that can be imported. Affected versions of this package are vulnerable to Improper Input Validation while calling `ansible_runner.interface.run_command`, due to improper escaping of shell command where the parameters get executed as host's shell command. A developer could unintentionally write code that gets executed in the host rather than the virtual environment. How to fix Improper Input Validation? Upgrade `ansible-runner` to version 2.1.0 or higher.	[,2.1.0)

Improper Input Validation

ansible-runner is a tool that helps when interfacing with Ansible directly or as part of another system whether that be through a container image interface, as a standalone tool, or as a Python module that can be imported.

Affected versions of this package are vulnerable to Improper Input Validation while calling ansible_runner.interface.run_command, due to improper escaping of shell command where the parameters get executed as host's shell command. A developer could unintentionally write code that gets executed in the host rather than the virtual environment.

How to fix Improper Input Validation?

Upgrade ansible-runner to version 2.1.0 or higher.

[,2.1.0)

Go back to all versions of this package