The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2020-02-20T02:49:50
Updated: 2024-08-06T11:27:35.287Z
Reserved: 2014-06-26T00:00:00
Link: CVE-2014-4678
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-02-20T03:15:10.717
Modified: 2024-11-21T02:10:41.557
Link: CVE-2014-4678
Redhat