VDB
ALPINE-CVE-2016-9587
ALPINE-CVE-2016-9587
PUBLISHED
CVSS 8.100000381469727 HIGH
Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.
Risk Scores
CVSS 3.1
8.100000381469727
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.4 | ansible | 0, 0.4-r0, 0.7-r0 |
| Alpine:v3.5 | ansible | 0.3.1-r0, 0.4-r0, 0.5-r0 |
Timeline
- Apr 24, 2018 CVE Published
- Nov 19, 2025 CVE Updated
- Apr 30, 2026 Distribution Patch