Affected Products
| Vendor | Product | Versions |
|---|---|---|
| PyPI | ansible | 1.4.4, 0, 1.0 |
Timeline
- Mar 3, 2020 CVE Published
- Nov 8, 2023 CVE Updated
A flaw was found in the pipe lookup plugin of Ansible. The plugin runs its command through subprocess.Popen() with shell=True, so when a variable used in that command is not escaped by the quote plugin, arbitrary commands can be run. An attacker could take advantage of this and run arbitrary commands by overwriting the Ansible facts.
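The pattern described above, as an added example that is not Ansible's own code: a value interpolated into a `subprocess.Popen(..., shell=True)` command line, shown unquoted, quoted, and with the shell bypassed. The function names and the sample fact value are hypothetical, `shlex.quote` stands in for the quoting step as an assumption, and a POSIX `/bin/sh` is assumed.

```python
import shlex
import subprocess

# Constructed sample: a fact value as it might look after being overwritten.
# The trailing command is a harmless echo so the effect shows up in the output.
TAINTED_FACT = "host01; echo INJECTED"


def run_shell(command):
    """Run a command string through Popen with shell=True, as the advisory describes."""
    proc = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE,
                            stderr=subprocess.PIPE, text=True)
    out, _ = proc.communicate()
    return out.splitlines()


def lookup_unquoted(fact):
    # Vulnerable pattern: the value is pasted into the command line unescaped,
    # so the shell treats ';' as a command separator and runs a second command.
    return run_shell("echo name=" + fact)


def lookup_quoted(fact):
    # Hardened pattern: the value is quoted before it reaches the shell,
    # so it stays one literal argument.
    return run_shell("echo name=" + shlex.quote(fact))


def lookup_no_shell(fact):
    # Alternative hardening: pass an argument vector and never invoke a shell.
    proc = subprocess.Popen(["echo", "name=" + fact],
                            stdout=subprocess.PIPE, text=True)
    out, _ = proc.communicate()
    return out.splitlines()


if __name__ == "__main__":
    print("unquoted:", lookup_unquoted(TAINTED_FACT))
    print("quoted:  ", lookup_quoted(TAINTED_FACT))
    print("no shell:", lookup_no_shell(TAINTED_FACT))
```

Two output lines from the unquoted call mean the shell executed the text after `;` as a separate command; the other two calls return the value as a single literal string.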