Homepage
About Snyk

ansible-vault@1.0.0 vulnerabilities

R/W an ansible-vault yaml file

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the ansible-vault package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Arbitrary Code Execution

Affected versions of ansible-vault are vulnerable to Arbitrary Code Execution.

Ansible Vault uses an encrypted format to enable users to store potential secrets (passwords, etc) that are needed for automating tasks.

Prior to version 1.0.5, Ansible Vault used the unsafe yaml.load() method to load the yaml file that it ultimately encrypts. If that yaml file contains a carefully coded python directive, the yaml.load() method will enable arbitrary commands to be executed.

How to fix Arbitrary Code Execution?

Upgrade ansible-vault to version 1.0.5 or higher.

[,1.0.5)
Go back to all versions of this package