Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/14353?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/14353?format=api", "purl": "pkg:pypi/ansible@2.9.10", "type": "pypi", "namespace": "", "name": "ansible", "version": "2.9.10", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8085?format=api", "vulnerability_id": "VCID-3jxq-kxnz-6bfh", "summary": "A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925002", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925002" }, { "reference_url": "https://github.com/advisories/GHSA-5rrg-rr89-x9mv", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-5rrg-rr89-x9mv" }, { "reference_url": "https://github.com/ansible/ansible/pull/73487", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/pull/73487" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/17040?format=api", "purl": "pkg:pypi/ansible@2.9.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.19" } ], "aliases": [ "CVE-2021-20228", "GHSA-5rrg-rr89-x9mv", "PYSEC-2021-1" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3jxq-kxnz-6bfh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5842?format=api", "vulnerability_id": "VCID-5mcc-gtrr-j3e4", "summary": "information disclosure", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1914774", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1914774" }, { "reference_url": "https://github.com/advisories/GHSA-wv5p-gmmv-wh9v", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-wv5p-gmmv-wh9v" }, { "reference_url": "https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes,", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes," }, { "reference_url": "https://github.com/ansible-collections/community.general/pull/1635,", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible-collections/community.general/pull/1635," }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55/" }, { "reference_url": "https://security.archlinux.org/ASA-202102-9", "reference_id": "ASA-202102-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202102-9" }, { "reference_url": "https://security.archlinux.org/AVG-1437", "reference_id": "AVG-1437", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1437" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/17038?format=api", "purl": "pkg:pypi/ansible@2.9.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.18" } ], "aliases": [ "CVE-2021-20178", "GHSA-wv5p-gmmv-wh9v", "PYSEC-2021-106" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5mcc-gtrr-j3e4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7955?format=api", "vulnerability_id": "VCID-7d8z-g99x-7qh2", "summary": "A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitrary code executed via package installation scripts. The highest threat from this vulnerability is to integrity and system availability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14365", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21706", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14365" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1869154", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1869154" }, { "reference_url": "https://github.com/advisories/GHSA-m429-fhmv-c6q2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-m429-fhmv-c6q2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/17029?format=api", "purl": "pkg:pypi/ansible@2.9.14rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-uvca-5e2n-pqew" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.14rc1" } ], "aliases": [ "CVE-2020-14365", "GHSA-m429-fhmv-c6q2", "PYSEC-2020-209" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7d8z-g99x-7qh2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7950?format=api", "vulnerability_id": "VCID-b8cv-v25q-1kh3", "summary": "An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14330", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44392", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14330" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14330" }, { "reference_url": "https://github.com/advisories/GHSA-785x-qw4v-6872", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-785x-qw4v-6872" }, { "reference_url": "https://github.com/ansible/ansible/issues/68400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/issues/68400" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/17069?format=api", "purl": "pkg:pypi/ansible@2.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-uvca-5e2n-pqew" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.0" } ], "aliases": [ "CVE-2020-14330", "GHSA-785x-qw4v-6872", "PYSEC-2020-3" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b8cv-v25q-1kh3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5428?format=api", "vulnerability_id": "VCID-enwa-2cfn-5uab", "summary": "arbitrary command execution", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968412", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968412" }, { "reference_url": "https://github.com/advisories/GHSA-2pfh-q76x-gwvm", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-2pfh-q76x-gwvm" }, { "reference_url": "https://security.archlinux.org/AVG-2260", "reference_id": "AVG-2260", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2260" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3583", "reference_id": "CVE-2021-3583", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3583" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/17048?format=api", "purl": "pkg:pypi/ansible@2.9.23", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.23" } ], "aliases": [ "CVE-2021-3583", "GHSA-2pfh-q76x-gwvm", "PYSEC-2021-358" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-enwa-2cfn-5uab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5516?format=api", "vulnerability_id": "VCID-kgjy-7kdy-c3cg", "summary": "information disclosure", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956477", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956477" }, { "reference_url": "https://security.archlinux.org/AVG-2056", "reference_id": "AVG-2056", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2056" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/21283?format=api", "purl": "pkg:pypi/ansible@3.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@3.0.0" } ], "aliases": [ "CVE-2021-3533", "PYSEC-2021-126" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kgjy-7kdy-c3cg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7985?format=api", "vulnerability_id": "VCID-m87b-eb5y-8ydf", "summary": "A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed. Files would remain in the bucket exposing the data. This issue affects directly data confidentiality.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25635", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.236", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25635" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25635", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25635" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible-collections/community.aws/issues/222", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible-collections/community.aws/issues/222" }, { "reference_url": "https://github.com/ansible-collections/community.aws/pull/237#issuecomment-1468591094", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible-collections/community.aws/pull/237#issuecomment-1468591094" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-220.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-220.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25635", "reference_id": "CVE-2020-25635", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25635" }, { "reference_url": "https://github.com/advisories/GHSA-f556-49jc-4rvc", "reference_id": "GHSA-f556-49jc-4rvc", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-f556-49jc-4rvc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/17303?format=api", "purl": "pkg:pypi/ansible@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-uvca-5e2n-pqew" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.1" } ], "aliases": [ "CVE-2020-25635", "GHSA-f556-49jc-4rvc", "PYSEC-2020-220" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m87b-eb5y-8ydf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1054?format=api", "vulnerability_id": "VCID-qtt6-8kf8-1fbt", "summary": "information disclosure", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975767", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975767" }, { "reference_url": "https://github.com/advisories/GHSA-4r65-35qq-ch8j", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-4r65-35qq-ch8j" }, { "reference_url": "https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes" }, { "reference_url": "https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0" }, { "reference_url": "https://security.archlinux.org/AVG-1941", "reference_id": "AVG-1941", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1941" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3620", "reference_id": "CVE-2021-3620", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3620" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/17056?format=api", "purl": "pkg:pypi/ansible@2.9.27", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.27" } ], "aliases": [ "CVE-2021-3620", "GHSA-4r65-35qq-ch8j", "PYSEC-2022-164" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qtt6-8kf8-1fbt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7949?format=api", "vulnerability_id": "VCID-tfhg-gzz2-7qc5", "summary": "A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14332", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.4771", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14332" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14332", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14332" }, { "reference_url": "https://github.com/advisories/GHSA-j667-c2hm-f2wp", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-j667-c2hm-f2wp" }, { "reference_url": "https://github.com/ansible/ansible/pull/71033", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/pull/71033" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/17010?format=api", "purl": "pkg:pypi/ansible@2.9.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-uvca-5e2n-pqew" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.12" } ], "aliases": [ "CVE-2020-14332", "GHSA-j667-c2hm-f2wp", "PYSEC-2020-4" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tfhg-gzz2-7qc5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5840?format=api", "vulnerability_id": "VCID-uvca-5e2n-pqew", "summary": "information disclosure", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916813", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916813" }, { "reference_url": "https://github.com/advisories/GHSA-8f4m-hccc-8qph", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-8f4m-hccc-8qph" }, { "reference_url": "https://security.archlinux.org/ASA-202102-9", "reference_id": "ASA-202102-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202102-9" }, { "reference_url": "https://security.archlinux.org/AVG-1437", "reference_id": "AVG-1437", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1437" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20863?format=api", "purl": "pkg:pypi/ansible@2.10.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-kgjy-7kdy-c3cg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/17038?format=api", "purl": "pkg:pypi/ansible@2.9.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.18" } ], "aliases": [ "CVE-2021-20191", "GHSA-8f4m-hccc-8qph", "PYSEC-2021-124" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uvca-5e2n-pqew" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7896?format=api", "vulnerability_id": "VCID-nx86-xnct-afbs", "summary": "An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18, 2.8.12, and 2.9.9 as well as previous versions are affected and Ansible Tower 3.4.5, 3.5.6 and 3.6.4 as well as previous versions are affected.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10744", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11851", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10744" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10744", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10744" }, { "reference_url": "https://github.com/advisories/GHSA-vp9j-rghq-8jhh", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-vp9j-rghq-8jhh" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/commit/77d0effcc5b2da1ef23e4ba32986a9759c27c10d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/77d0effcc5b2da1ef23e4ba32986a9759c27c10d" }, { "reference_url": "https://github.com/ansible/ansible/commit/84afa8e90cd168ff13208c8eae3e533ce7e21e1f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/84afa8e90cd168ff13208c8eae3e533ce7e21e1f" }, { "reference_url": "https://github.com/ansible/ansible/commit/ffd3757fc35468a97791e452e7f2d14c3e3fcb80", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/ffd3757fc35468a97791e452e7f2d14c3e3fcb80" }, { "reference_url": "https://github.com/ansible/ansible/issues/69782", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/issues/69782" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-208.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-208.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10744", "reference_id": "CVE-2020-10744", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10744" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/11300?format=api", "purl": "pkg:pypi/ansible@2.8.0a1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-mk3k-n9wn-q3ct" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.0a1" }, { "url": "http://public2.vulnerablecode.io/api/packages/14352?format=api", "purl": "pkg:pypi/ansible@2.8.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/14353?format=api", "purl": "pkg:pypi/ansible@2.9.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/17010?format=api", "purl": "pkg:pypi/ansible@2.9.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-uvca-5e2n-pqew" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/17068?format=api", "purl": "pkg:pypi/ansible@2.10.0rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.0rc1" } ], "aliases": [ "CVE-2020-10744", "GHSA-vp9j-rghq-8jhh", "PYSEC-2020-208" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nx86-xnct-afbs" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.10" }