CVE-2017-7481 in Ansible

Summary

by MITRE

Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as 'unsafe' and is not evaluated.

Responsible

Red Hat, Inc.

Reserved

05.04.2017

Published

19.07.2018

Moderation

accepted

Entry

VDB-121961

CPE

ready

EPSS

0.04313

KEV

no

Activities

very low

Sources
