Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/6423?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/6423?format=api", "purl": "pkg:pypi/ansible@1.2.1", "type": "pypi", "namespace": "", "name": "ansible", "version": "1.2.1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7333?format=api", "vulnerability_id": "VCID-24vk-y12h-nbau", "summary": "Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00051.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00051.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00029.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00029.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3908", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00216", "scoring_system": "epss", "scoring_elements": "0.442", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3908" }, { "reference_url": "https://github.com/advisories/GHSA-w64c-pxjj-h866", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-w64c-pxjj-h866" }, { "reference_url": "https://github.com/ansible/ansible/blob/devel/CHANGELOG.md#192-dancing-in-the-street---jun-26-2015", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/blob/devel/CHANGELOG.md#192-dancing-in-the-street---jun-26-2015" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html" }, { "reference_url": "http://www.ansible.com/security", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ansible.com/security" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/07/14/4", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2015/07/14/4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7814?format=api", "purl": "pkg:pypi/ansible@1.9.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-664v-ms96-jfd2" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6smx-ju23-8qes" }, { "vulnerability": "VCID-6swz-79ue-bbef" }, { "vulnerability": "VCID-826d-vdw1-dbaj" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-d3nw-dz41-wfg2" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-kzey-xd5m-j7bu" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-pntx-wfhx-p3aa" }, { "vulnerability": "VCID-qbws-64b9-83fc" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rgk8-k53p-gkft" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-s2w1-fedq-ckes" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-vtec-237j-1ua2" }, { "vulnerability": "VCID-xn7b-vz2e-6qdh" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.9.2" } ], "aliases": [ "CVE-2015-3908", "GHSA-w64c-pxjj-h866", "PYSEC-2015-1" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-24vk-y12h-nbau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8085?format=api", "vulnerability_id": "VCID-3jxq-kxnz-6bfh", "summary": "A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20228", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.47749", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20228" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925002", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925002" }, { "reference_url": "https://github.com/advisories/GHSA-5rrg-rr89-x9mv", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-5rrg-rr89-x9mv" }, { "reference_url": "https://github.com/ansible/ansible/pull/73487", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/pull/73487" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/17040?format=api", "purl": "pkg:pypi/ansible@2.9.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.19" } ], "aliases": [ "CVE-2021-20228", "GHSA-5rrg-rr89-x9mv", "PYSEC-2021-1" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3jxq-kxnz-6bfh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7858?format=api", "vulnerability_id": "VCID-4331-d5yy-uybc", "summary": "A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with \"umask 77 && mkdir -p <dir>\"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating '/proc/<pid>/cmdline'.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1733", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.08127", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1733" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1733", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1733" }, { "reference_url": "https://github.com/advisories/GHSA-g4mq-6fp5-qwcf", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-g4mq-6fp5-qwcf" }, { "reference_url": "https://github.com/ansible/ansible/issues/67791", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/issues/67791" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/" }, { "reference_url": "https://security.gentoo.org/glsa/202006-11", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202006-11" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/11298?format=api", "purl": "pkg:pypi/ansible@2.7.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/13773?format=api", "purl": "pkg:pypi/ansible@2.8.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xpfd-zdry-euh5" }, { "vulnerability": "VCID-zjct-yufk-jkdg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/13779?format=api", "purl": "pkg:pypi/ansible@2.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xpfd-zdry-euh5" }, { "vulnerability": "VCID-ydka-2etb-hue9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6" } ], "aliases": [ "CVE-2020-1733", "GHSA-g4mq-6fp5-qwcf", "PYSEC-2020-5" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4331-d5yy-uybc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5842?format=api", "vulnerability_id": "VCID-5mcc-gtrr-j3e4", "summary": "information disclosure", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20178", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.0848", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20178" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1914774", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1914774" }, { "reference_url": "https://github.com/advisories/GHSA-wv5p-gmmv-wh9v", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-wv5p-gmmv-wh9v" }, { "reference_url": "https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes,", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes," }, { "reference_url": "https://github.com/ansible-collections/community.general/pull/1635,", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible-collections/community.general/pull/1635," }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55/" }, { "reference_url": "https://security.archlinux.org/ASA-202102-9", "reference_id": "ASA-202102-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202102-9" }, { "reference_url": "https://security.archlinux.org/AVG-1437", "reference_id": "AVG-1437", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1437" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/17038?format=api", "purl": "pkg:pypi/ansible@2.9.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.18" } ], "aliases": [ "CVE-2021-20178", "GHSA-wv5p-gmmv-wh9v", "PYSEC-2021-106" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5mcc-gtrr-j3e4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7588?format=api", "vulnerability_id": "VCID-664v-ms96-jfd2", "summary": "Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as 'unsafe' and is not evaluated.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1244", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1244" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1334", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1334" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1476", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1476" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1499", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1499" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1599", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1599" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2524", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2524" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7481", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04313", "scoring_system": "epss", "scoring_elements": "0.89067", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7481" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7481", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7481" }, { "reference_url": "https://github.com/advisories/GHSA-w578-j992-554x", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-w578-j992-554x" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/commit/a1886911fcf4b691130cfc70dfc5daa5e07c46a3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/a1886911fcf4b691130cfc70dfc5daa5e07c46a3" }, { "reference_url": "https://github.com/ansible/ansible/commit/ed56f51f185a1ffd7ea57130d260098686fcc7c2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/ed56f51f185a1ffd7ea57130d260098686fcc7c2" }, { "reference_url": "https://github.com/ansible/ansible/commit/f0e348f5eeb70c1fb3127d90891da43b5c0a9d29", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/f0e348f5eeb70c1fb3127d90891da43b5c0a9d29" }, { "reference_url": "https://github.com/ansible/ansible/commit/fd30f5328986f9e1da434474481f32bf918a600c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/fd30f5328986f9e1da434474481f32bf918a600c" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-41.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-41.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html" }, { "reference_url": "https://usn.ubuntu.com/4072-1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4072-1" }, { "reference_url": "https://usn.ubuntu.com/4072-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4072-1/" }, { "reference_url": "https://web.archive.org/web/20170801122609/http://www.securityfocus.com/bid/98492", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20170801122609/http://www.securityfocus.com/bid/98492" }, { "reference_url": "http://www.securityfocus.com/bid/98492", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/98492" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7481", "reference_id": "CVE-2017-7481", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7481" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/10265?format=api", "purl": "pkg:pypi/ansible@2.1.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-664v-ms96-jfd2" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6smx-ju23-8qes" }, { "vulnerability": "VCID-6swz-79ue-bbef" }, { "vulnerability": "VCID-826d-vdw1-dbaj" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-d3nw-dz41-wfg2" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-qbws-64b9-83fc" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rgk8-k53p-gkft" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-s2w1-fedq-ckes" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-vtec-237j-1ua2" }, { "vulnerability": "VCID-xn7b-vz2e-6qdh" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.1.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/10267?format=api", "purl": "pkg:pypi/ansible@2.2.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-664v-ms96-jfd2" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6smx-ju23-8qes" }, { "vulnerability": "VCID-6swz-79ue-bbef" }, { "vulnerability": "VCID-826d-vdw1-dbaj" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-qbws-64b9-83fc" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-s2w1-fedq-ckes" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xn7b-vz2e-6qdh" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.2.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/9340?format=api", "purl": "pkg:pypi/ansible@2.3.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6smx-ju23-8qes" }, { "vulnerability": "VCID-6swz-79ue-bbef" }, { "vulnerability": "VCID-826d-vdw1-dbaj" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-a79h-gfcm-13cq" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-qbws-64b9-83fc" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xn7b-vz2e-6qdh" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.3.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/9342?format=api", "purl": "pkg:pypi/ansible@2.4.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6smx-ju23-8qes" }, { "vulnerability": "VCID-6swz-79ue-bbef" }, { "vulnerability": "VCID-826d-vdw1-dbaj" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-a79h-gfcm-13cq" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-ce7n-7xet-pyav" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-kva6-sjfx-rbe3" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-qbws-64b9-83fc" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xn7b-vz2e-6qdh" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.4.0.0" } ], "aliases": [ "CVE-2017-7481", "GHSA-w578-j992-554x", "PYSEC-2018-41" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-664v-ms96-jfd2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7867?format=api", "vulnerability_id": "VCID-6hdk-ywcn-4qe4", "summary": "A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module. Sensitive parameters such as passwords and tokens are passed to kubectl from the command line, not using an environment variable or an input configuration file. This will disclose passwords and tokens from process list and no_log directive from debug module would not have any effect making these secrets being disclosed on stdout and log files.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1753", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16115", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1753" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1753" }, { "reference_url": "https://github.com/advisories/GHSA-86hp-cj9j-33vv", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-86hp-cj9j-33vv" }, { "reference_url": "https://github.com/ansible-collections/kubernetes/pull/51", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible-collections/kubernetes/pull/51" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/" }, { "reference_url": "https://security.gentoo.org/glsa/202006-11", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202006-11" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/11299?format=api", "purl": "pkg:pypi/ansible@2.7.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/13873?format=api", "purl": "pkg:pypi/ansible@2.8.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/13874?format=api", "purl": "pkg:pypi/ansible@2.9.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.7" } ], "aliases": [ "CVE-2020-1753", "GHSA-86hp-cj9j-33vv", "PYSEC-2020-210" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6hdk-ywcn-4qe4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7759?format=api", "vulnerability_id": "VCID-6smx-ju23-8qes", "summary": "In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3201", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3201" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3202", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3202" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3203", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3203" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3207", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3207" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0756" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14846", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30132", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14846" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14846", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14846" }, { "reference_url": "https://github.com/ansible/ansible/pull/63366", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/pull/63366" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13124?format=api", "purl": "pkg:pypi/ansible@2.6.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6swz-79ue-bbef" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-uvca-5e2n-pqew" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.6.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/11295?format=api", "purl": "pkg:pypi/ansible@2.7.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-4tfv-snmv-bbax" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6swz-79ue-bbef" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-aq21-sp74-17gk" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xpfd-zdry-euh5" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" }, { "vulnerability": "VCID-zjct-yufk-jkdg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/13125?format=api", "purl": "pkg:pypi/ansible@2.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-4tfv-snmv-bbax" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-aq21-sp74-17gk" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xpfd-zdry-euh5" }, { "vulnerability": "VCID-zjct-yufk-jkdg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.6" } ], "aliases": [ "CVE-2019-14846", "PYSEC-2019-4" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6smx-ju23-8qes" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7855?format=api", "vulnerability_id": "VCID-6swz-79ue-bbef", "summary": "A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHBA-2020:0547", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHBA-2020:0547" }, { "reference_url": "https://access.redhat.com/errata/RHBA-2020:1539", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHBA-2020:1539" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1734", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24234", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1734" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801804", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801804" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1734", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1734" }, { "reference_url": "https://github.com/advisories/GHSA-h39q-95q5-9jfp", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-h39q-95q5-9jfp" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/commit/4f978af4ca16ad9828ffe42203b9615425195f8b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/4f978af4ca16ad9828ffe42203b9615425195f8b" }, { "reference_url": "https://github.com/ansible/ansible/commit/963bdd9983b91a48fb6949fb2ef41071e72d0be0", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/963bdd9983b91a48fb6949fb2ef41071e72d0be0" }, { "reference_url": "https://github.com/ansible/ansible/commit/bff0724e9eab2770f874e018298f9ab74cc2a78f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/bff0724e9eab2770f874e018298f9ab74cc2a78f" }, { "reference_url": "https://github.com/ansible/ansible/commit/e5649ca3e807f17e7c034ee22791f107162973b0", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/e5649ca3e807f17e7c034ee22791f107162973b0" }, { "reference_url": "https://github.com/ansible/ansible/issues/67792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/issues/67792" }, { "reference_url": "https://github.com/ansible/ansible/issues/70159", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/issues/70159" }, { "reference_url": "https://github.com/ansible/ansible/pull/70596", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/pull/70596" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-6.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-6.yaml" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2020-1734", "reference_id": "CVE-2020-1734", "reference_type": "", "scores": [], "url": "https://access.redhat.com/security/cve/CVE-2020-1734" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1734", "reference_id": "CVE-2020-1734", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1734" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/11298?format=api", "purl": "pkg:pypi/ansible@2.7.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/14352?format=api", "purl": "pkg:pypi/ansible@2.8.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/17008?format=api", "purl": "pkg:pypi/ansible@2.9.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/17068?format=api", "purl": "pkg:pypi/ansible@2.10.0rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.0rc1" } ], "aliases": [ "CVE-2020-1734", "GHSA-h39q-95q5-9jfp", "PYSEC-2020-6" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6swz-79ue-bbef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7854?format=api", "vulnerability_id": "VCID-7v54-buz9-8bbu", "summary": "The vault subsystem in Ansible before 1.5.5 does not set the umask before creation or modification of a vault file, which allows local users to obtain sensitive key information by reading a file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-4658", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.1731", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-4658" }, { "reference_url": "https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md" }, { "reference_url": "https://www.securityfocus.com/bid/68233", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.securityfocus.com/bid/68233" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7791?format=api", "purl": "pkg:pypi/ansible@1.5.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-24vk-y12h-nbau" }, { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-664v-ms96-jfd2" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6smx-ju23-8qes" }, { "vulnerability": "VCID-6swz-79ue-bbef" }, { "vulnerability": "VCID-826d-vdw1-dbaj" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-d3nw-dz41-wfg2" }, { "vulnerability": "VCID-duwt-5mk2-8kbf" }, { "vulnerability": "VCID-ekyn-s6c7-pqbs" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-kzey-xd5m-j7bu" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-nn62-vxhh-zfcs" }, { "vulnerability": "VCID-pntx-wfhx-p3aa" }, { "vulnerability": "VCID-qbws-64b9-83fc" }, { "vulnerability": "VCID-qpsu-er16-a7dc" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rgk8-k53p-gkft" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-s2w1-fedq-ckes" }, { "vulnerability": "VCID-u1pn-s2ug-nucg" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-vtec-237j-1ua2" }, { "vulnerability": "VCID-xn7b-vz2e-6qdh" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.5.5" } ], "aliases": [ "CVE-2014-4658", "PYSEC-2020-200" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7v54-buz9-8bbu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7628?format=api", "vulnerability_id": "VCID-826d-vdw1-dbaj", "summary": "Ansible \"User\" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executable. Showing those credentials in clear text form for every user which have access just to the process list.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3460" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3461", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3462", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3463", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3463" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3505", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3505" }, { "reference_url": "https://access.redhat.com/security/cve/cve-2018-16837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/security/cve/cve-2018-16837" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16837", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.07112", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16837" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16837" }, { "reference_url": "https://github.com/ansible/ansible/blob/stable-2.5/changelogs/CHANGELOG-v2.5.rst#v2511", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/blob/stable-2.5/changelogs/CHANGELOG-v2.5.rst#v2511" }, { "reference_url": "https://github.com/ansible/ansible/blob/stable-2.6/changelogs/CHANGELOG-v2.6.rst#v267", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/blob/stable-2.6/changelogs/CHANGELOG-v2.6.rst#v267" }, { "reference_url": "https://github.com/ansible/ansible/blob/stable-2.7/changelogs/CHANGELOG-v2.7.rst#v2-7-1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/blob/stable-2.7/changelogs/CHANGELOG-v2.7.rst#v2-7-1" }, { "reference_url": "https://github.com/ansible/ansible/commit/a0aa53d1a1d6075a7ae98ace138712ee6cb45ae4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/a0aa53d1a1d6075a7ae98ace138712ee6cb45ae4" }, { "reference_url": "https://github.com/ansible/ansible/pull/47436", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/pull/47436" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00012.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00012.html" }, { "reference_url": "https://usn.ubuntu.com/4072-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4072-1/" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2019/dsa-4396" }, { "reference_url": "http://www.securityfocus.com/bid/105700", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/105700" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16837", "reference_id": "CVE-2018-16837", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16837" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/8016?format=api", "purl": "pkg:pypi/ansible@2.0.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-664v-ms96-jfd2" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6smx-ju23-8qes" }, { "vulnerability": "VCID-6swz-79ue-bbef" }, { "vulnerability": "VCID-826d-vdw1-dbaj" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-d3nw-dz41-wfg2" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-kzey-xd5m-j7bu" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-pntx-wfhx-p3aa" }, { "vulnerability": "VCID-qbws-64b9-83fc" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rgk8-k53p-gkft" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-s2w1-fedq-ckes" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-vtec-237j-1ua2" }, { "vulnerability": "VCID-xn7b-vz2e-6qdh" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.0.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/11132?format=api", "purl": "pkg:pypi/ansible@2.5.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6smx-ju23-8qes" }, { "vulnerability": "VCID-6swz-79ue-bbef" }, { "vulnerability": "VCID-7f2g-zz9p-sufc" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-bmq3-uckn-tfhk" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xn7b-vz2e-6qdh" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.5.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/11131?format=api", "purl": "pkg:pypi/ansible@2.6.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-39vn-b7y4-v3ez" }, { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-52zf-mjec-f3d5" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6smx-ju23-8qes" }, { "vulnerability": "VCID-6swz-79ue-bbef" }, { "vulnerability": "VCID-7f2g-zz9p-sufc" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-bmq3-uckn-tfhk" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xn7b-vz2e-6qdh" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.6.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/11130?format=api", "purl": "pkg:pypi/ansible@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-39vn-b7y4-v3ez" }, { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-4tfv-snmv-bbax" }, { "vulnerability": "VCID-52zf-mjec-f3d5" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6smx-ju23-8qes" }, { "vulnerability": "VCID-6swz-79ue-bbef" }, { "vulnerability": "VCID-7f2g-zz9p-sufc" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-aq21-sp74-17gk" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-bmq3-uckn-tfhk" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xn7b-vz2e-6qdh" }, { "vulnerability": "VCID-xpfd-zdry-euh5" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" }, { "vulnerability": "VCID-zjct-yufk-jkdg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.1" } ], "aliases": [ "CVE-2018-16837", "PYSEC-2018-44" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-826d-vdw1-dbaj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8103?format=api", "vulnerability_id": "VCID-95kg-bk3s-g7gx", "summary": "A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords are exposed at once for the file. This flaw affects Ansible Engine versions before 2.9.6.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10729", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20041", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10729" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1831089", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1831089" }, { "reference_url": "https://github.com/advisories/GHSA-r6h7-5pq2-j77h", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-r6h7-5pq2-j77h" }, { "reference_url": "https://github.com/ansible/ansible/issues/34144", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/issues/34144" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13779?format=api", "purl": "pkg:pypi/ansible@2.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xpfd-zdry-euh5" }, { "vulnerability": "VCID-ydka-2etb-hue9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6" } ], "aliases": [ "CVE-2020-10729", "GHSA-r6h7-5pq2-j77h", "PYSEC-2021-105" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-95kg-bk3s-g7gx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7851?format=api", "vulnerability_id": "VCID-a1as-vf3m-ukev", "summary": "Ansible before 1.5.5 constructs filenames containing user and password fields on the basis of deb lines in sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by leveraging existence of a file that uses the \"deb http://user:pass@server:port/\" format.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-4660", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20225", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-4660" }, { "reference_url": "https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md" }, { "reference_url": "https://github.com/ansible/ansible/commit/c4b5e46054c74176b2446c82d4df1a2610eddc08", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/c4b5e46054c74176b2446c82d4df1a2610eddc08" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2014-4660", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security-tracker.debian.org/tracker/CVE-2014-4660" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2014/06/26/19", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.openwall.com/lists/oss-security/2014/06/26/19" }, { "reference_url": "https://www.securityfocus.com/bid/68231", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.securityfocus.com/bid/68231" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7791?format=api", "purl": "pkg:pypi/ansible@1.5.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-24vk-y12h-nbau" }, { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-664v-ms96-jfd2" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6smx-ju23-8qes" }, { "vulnerability": "VCID-6swz-79ue-bbef" }, { "vulnerability": "VCID-826d-vdw1-dbaj" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-d3nw-dz41-wfg2" }, { "vulnerability": "VCID-duwt-5mk2-8kbf" }, { "vulnerability": "VCID-ekyn-s6c7-pqbs" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-kzey-xd5m-j7bu" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-nn62-vxhh-zfcs" }, { "vulnerability": "VCID-pntx-wfhx-p3aa" }, { "vulnerability": "VCID-qbws-64b9-83fc" }, { "vulnerability": "VCID-qpsu-er16-a7dc" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rgk8-k53p-gkft" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-s2w1-fedq-ckes" }, { "vulnerability": "VCID-u1pn-s2ug-nucg" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-vtec-237j-1ua2" }, { "vulnerability": "VCID-xn7b-vz2e-6qdh" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.5.5" } ], "aliases": [ "CVE-2014-4660", "PYSEC-2020-202" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a1as-vf3m-ukev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7852?format=api", "vulnerability_id": "VCID-a7rr-4bvy-7yh9", "summary": "Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the \"deb http://user:pass@server:port/\" format.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-4659", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11381", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-4659" }, { "reference_url": "https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md" }, { "reference_url": "https://github.com/ansible/ansible/commit/a0e027fe362fbc209dbeff2f72d6e95f39885c69", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/a0e027fe362fbc209dbeff2f72d6e95f39885c69" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-201.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-201.yaml" }, { "reference_url": "https://web.archive.org/web/20200229060001/https://www.securityfocus.com/bid/68234", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20200229060001/https://www.securityfocus.com/bid/68234" }, { "reference_url": "https://www.securityfocus.com/bid/68234", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.securityfocus.com/bid/68234" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4659", "reference_id": "CVE-2014-4659", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4659" }, { "reference_url": "https://github.com/advisories/GHSA-6667-f46p-pg88", "reference_id": "GHSA-6667-f46p-pg88", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-6667-f46p-pg88" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7791?format=api", "purl": "pkg:pypi/ansible@1.5.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-24vk-y12h-nbau" }, { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-664v-ms96-jfd2" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6smx-ju23-8qes" }, { "vulnerability": "VCID-6swz-79ue-bbef" }, { "vulnerability": "VCID-826d-vdw1-dbaj" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-d3nw-dz41-wfg2" }, { "vulnerability": "VCID-duwt-5mk2-8kbf" }, { "vulnerability": "VCID-ekyn-s6c7-pqbs" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-kzey-xd5m-j7bu" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-nn62-vxhh-zfcs" }, { "vulnerability": "VCID-pntx-wfhx-p3aa" }, { "vulnerability": "VCID-qbws-64b9-83fc" }, { "vulnerability": "VCID-qpsu-er16-a7dc" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rgk8-k53p-gkft" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-s2w1-fedq-ckes" }, { "vulnerability": "VCID-u1pn-s2ug-nucg" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-vtec-237j-1ua2" }, { "vulnerability": "VCID-xn7b-vz2e-6qdh" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.5.5" } ], "aliases": [ "CVE-2014-4659", "GHSA-6667-f46p-pg88", "PYSEC-2020-201" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a7rr-4bvy-7yh9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7942?format=api", "vulnerability_id": "VCID-axds-bd49-fbdj", "summary": "A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14904", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11344", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14904" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1776944", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1776944" }, { "reference_url": "https://github.com/advisories/GHSA-gwr8-5j83-483c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-gwr8-5j83-483c" }, { "reference_url": "https://github.com/ansible/ansible/pull/65686", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/pull/65686" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/11296?format=api", "purl": "pkg:pypi/ansible@2.7.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-4tfv-snmv-bbax" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6swz-79ue-bbef" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xpfd-zdry-euh5" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" }, { "vulnerability": "VCID-zjct-yufk-jkdg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/13560?format=api", "purl": "pkg:pypi/ansible@2.8.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-4tfv-snmv-bbax" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xpfd-zdry-euh5" }, { "vulnerability": "VCID-zjct-yufk-jkdg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/13774?format=api", "purl": "pkg:pypi/ansible@2.9.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-4tfv-snmv-bbax" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xpfd-zdry-euh5" }, { "vulnerability": "VCID-ydka-2etb-hue9" }, { "vulnerability": "VCID-zjct-yufk-jkdg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.2" } ], "aliases": [ "CVE-2019-14904", "GHSA-gwr8-5j83-483c", "PYSEC-2020-161" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-axds-bd49-fbdj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7871?format=api", "vulnerability_id": "VCID-b423-t4kx-eqbq", "summary": "A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1735", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33455", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1735" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1735", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1735" }, { "reference_url": "https://github.com/advisories/GHSA-gfr2-qpxh-qj9m", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-gfr2-qpxh-qj9m" }, { "reference_url": "https://github.com/ansible/ansible/issues/67793", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/issues/67793" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/" }, { "reference_url": "https://security.gentoo.org/glsa/202006-11", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202006-11" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/11298?format=api", "purl": "pkg:pypi/ansible@2.7.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/13778?format=api", "purl": "pkg:pypi/ansible@2.8.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xpfd-zdry-euh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/13779?format=api", "purl": "pkg:pypi/ansible@2.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xpfd-zdry-euh5" }, { "vulnerability": "VCID-ydka-2etb-hue9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6" } ], "aliases": [ "CVE-2020-1735", "GHSA-gfr2-qpxh-qj9m", "PYSEC-2020-7" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b423-t4kx-eqbq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7950?format=api", "vulnerability_id": "VCID-b8cv-v25q-1kh3", "summary": "An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14330", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44392", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14330" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14330" }, { "reference_url": "https://github.com/advisories/GHSA-785x-qw4v-6872", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-785x-qw4v-6872" }, { "reference_url": "https://github.com/ansible/ansible/issues/68400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/issues/68400" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/17069?format=api", "purl": "pkg:pypi/ansible@2.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-uvca-5e2n-pqew" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.0" } ], "aliases": [ "CVE-2020-14330", "GHSA-785x-qw4v-6872", "PYSEC-2020-3" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b8cv-v25q-1kh3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7857?format=api", "vulnerability_id": "VCID-brft-snn6-guc8", "summary": "A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal. This issue is fixed in 2.10.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1737", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.35898", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1737" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1737", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1737" }, { "reference_url": "https://github.com/advisories/GHSA-893h-35v4-mxqx", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-893h-35v4-mxqx" }, { "reference_url": "https://github.com/ansible/ansible/issues/67795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/issues/67795" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/" }, { "reference_url": "https://security.gentoo.org/glsa/202006-11", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202006-11" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/11298?format=api", "purl": "pkg:pypi/ansible@2.7.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/13778?format=api", "purl": "pkg:pypi/ansible@2.8.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xpfd-zdry-euh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/13779?format=api", "purl": "pkg:pypi/ansible@2.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xpfd-zdry-euh5" }, { "vulnerability": "VCID-ydka-2etb-hue9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6" } ], "aliases": [ "CVE-2020-1737", "GHSA-893h-35v4-mxqx", "PYSEC-2020-9" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-brft-snn6-guc8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7597?format=api", "vulnerability_id": "VCID-d3nw-dz41-wfg2", "summary": "Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2778" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8628", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00456", "scoring_system": "epss", "scoring_elements": "0.64186", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8628" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8628", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8628" }, { "reference_url": "https://github.com/advisories/GHSA-jg4f-jqm5-4mgq", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-jg4f-jqm5-4mgq" }, { "reference_url": "http://www.securityfocus.com/bid/94109", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/94109" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8628", "reference_id": "CVE-2016-8628", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8628" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55523?format=api", "purl": "pkg:pypi/ansible@2.2.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/10192?format=api", "purl": "pkg:pypi/ansible@2.2.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-664v-ms96-jfd2" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6smx-ju23-8qes" }, { "vulnerability": "VCID-6swz-79ue-bbef" }, { "vulnerability": "VCID-826d-vdw1-dbaj" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-pntx-wfhx-p3aa" }, { "vulnerability": "VCID-qbws-64b9-83fc" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-s2w1-fedq-ckes" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-vtec-237j-1ua2" }, { "vulnerability": "VCID-xn7b-vz2e-6qdh" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.2.0.0" } ], "aliases": [ "CVE-2016-8628", "GHSA-jg4f-jqm5-4mgq", "PYSEC-2018-38" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d3nw-dz41-wfg2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7850?format=api", "vulnerability_id": "VCID-duwt-5mk2-8kbf", "summary": "The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-4678", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10105", "scoring_system": "epss", "scoring_elements": "0.93214", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-4678" }, { "reference_url": "https://github.com/ansible/ansible/commit/5429b85b9f6c2e640074176f36ff05fd5e4d1916", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/5429b85b9f6c2e640074176f36ff05fd5e4d1916" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=ansible-announce/ieV1vZvcTXU/5Q93ThkY9rIJ", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/message/raw?msg=ansible-announce/ieV1vZvcTXU/5Q93ThkY9rIJ" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2014-4678", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security-tracker.debian.org/tracker/CVE-2014-4678" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2014/06/26/30", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.openwall.com/lists/oss-security/2014/06/26/30" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2014/07/02/2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.openwall.com/lists/oss-security/2014/07/02/2" }, { "reference_url": "https://www.rapid7.com/db/vulnerabilities/freebsd-vid-2c493ac8-205e-11e5-a4a5-002590263bf5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.rapid7.com/db/vulnerabilities/freebsd-vid-2c493ac8-205e-11e5-a4a5-002590263bf5" }, { "reference_url": "https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2014-4678", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2014-4678" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7796?format=api", "purl": "pkg:pypi/ansible@1.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-24vk-y12h-nbau" }, { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-664v-ms96-jfd2" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6smx-ju23-8qes" }, { "vulnerability": "VCID-6swz-79ue-bbef" }, { "vulnerability": "VCID-826d-vdw1-dbaj" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-d3nw-dz41-wfg2" }, { "vulnerability": "VCID-ekyn-s6c7-pqbs" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-kzey-xd5m-j7bu" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-nn62-vxhh-zfcs" }, { "vulnerability": "VCID-pntx-wfhx-p3aa" }, { "vulnerability": "VCID-qbws-64b9-83fc" }, { "vulnerability": "VCID-qpsu-er16-a7dc" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rgk8-k53p-gkft" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-s2w1-fedq-ckes" }, { "vulnerability": "VCID-u1pn-s2ug-nucg" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-vtec-237j-1ua2" }, { "vulnerability": "VCID-xn7b-vz2e-6qdh" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.6.4" } ], "aliases": [ "CVE-2014-4678", "PYSEC-2020-203" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-duwt-5mk2-8kbf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7848?format=api", "vulnerability_id": "VCID-ekyn-s6c7-pqbs", "summary": "Ansible before 1.6.7 does not prevent inventory data with \"{{\" and \"lookup\" substrings, and does not prevent remote data with \"{{\" substrings, which allows remote attackers to execute arbitrary code via (1) crafted lookup('pipe') calls or (2) crafted Jinja2 data.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-4966", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03742", "scoring_system": "epss", "scoring_elements": "0.88212", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-4966" }, { "reference_url": "https://github.com/ansible/ansible/commit/62a1295a3e08cb6c3e9f1b2a1e6e5dcaeab32527", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/62a1295a3e08cb6c3e9f1b2a1e6e5dcaeab32527" }, { "reference_url": "http://www.ocert.org/advisories/ocert-2014-004.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ocert.org/advisories/ocert-2014-004.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7799?format=api", "purl": "pkg:pypi/ansible@1.6.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-24vk-y12h-nbau" }, { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-664v-ms96-jfd2" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6smx-ju23-8qes" }, { "vulnerability": "VCID-6swz-79ue-bbef" }, { "vulnerability": "VCID-826d-vdw1-dbaj" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-d3nw-dz41-wfg2" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-kzey-xd5m-j7bu" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-pntx-wfhx-p3aa" }, { "vulnerability": "VCID-qbws-64b9-83fc" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rgk8-k53p-gkft" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-s2w1-fedq-ckes" }, { "vulnerability": "VCID-u1pn-s2ug-nucg" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-vtec-237j-1ua2" }, { "vulnerability": "VCID-xn7b-vz2e-6qdh" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.6.7" } ], "aliases": [ "CVE-2014-4966", "PYSEC-2020-204" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ekyn-s6c7-pqbs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5428?format=api", "vulnerability_id": "VCID-enwa-2cfn-5uab", "summary": "arbitrary command execution", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3583", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.51217", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3583" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968412", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968412" }, { "reference_url": "https://github.com/advisories/GHSA-2pfh-q76x-gwvm", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-2pfh-q76x-gwvm" }, { "reference_url": "https://security.archlinux.org/AVG-2260", "reference_id": "AVG-2260", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2260" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3583", "reference_id": "CVE-2021-3583", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3583" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/17048?format=api", "purl": "pkg:pypi/ansible@2.9.23", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.23" } ], "aliases": [ "CVE-2021-3583", "GHSA-2pfh-q76x-gwvm", "PYSEC-2021-358" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-enwa-2cfn-5uab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7179?format=api", "vulnerability_id": "VCID-fqqe-j2g8-k3gr", "summary": "runner/connection_plugins/ssh.py in Ansible before 1.2.3, when using ControlPersist, allows local users to redirect a ssh session via a symlink attack on a socket file with a predictable name in /tmp/.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4259", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16186", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4259" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=998223", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=998223" }, { "reference_url": "https://groups.google.com/forum/#%21topic/ansible-project/UVDYW0HGcNg", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#%21topic/ansible-project/UVDYW0HGcNg" }, { "reference_url": "https://groups.google.com/forum/#!topic/ansible-project/UVDYW0HGcNg", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/ansible-project/UVDYW0HGcNg" }, { "reference_url": "http://www.ansible.com/security", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ansible.com/security" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4259", "reference_id": "CVE-2013-4259", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4259" }, { "reference_url": "https://github.com/advisories/GHSA-fj24-ghp9-39v3", "reference_id": "GHSA-fj24-ghp9-39v3", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-fj24-ghp9-39v3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6425?format=api", "purl": "pkg:pypi/ansible@1.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-24vk-y12h-nbau" }, { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-664v-ms96-jfd2" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6smx-ju23-8qes" }, { "vulnerability": "VCID-6swz-79ue-bbef" }, { "vulnerability": "VCID-7v54-buz9-8bbu" }, { "vulnerability": "VCID-826d-vdw1-dbaj" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-a1as-vf3m-ukev" }, { "vulnerability": "VCID-a7rr-4bvy-7yh9" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-d3nw-dz41-wfg2" }, { "vulnerability": "VCID-duwt-5mk2-8kbf" }, { "vulnerability": "VCID-ekyn-s6c7-pqbs" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-kzey-xd5m-j7bu" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-nn62-vxhh-zfcs" }, { "vulnerability": "VCID-pntx-wfhx-p3aa" }, { "vulnerability": "VCID-qbws-64b9-83fc" }, { "vulnerability": "VCID-qpsu-er16-a7dc" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rc9e-eprg-pfdg" }, { "vulnerability": "VCID-rgk8-k53p-gkft" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-s2w1-fedq-ckes" }, { "vulnerability": "VCID-sn3p-chty-aqen" }, { "vulnerability": "VCID-u1pn-s2ug-nucg" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-vtec-237j-1ua2" }, { "vulnerability": "VCID-xn7b-vz2e-6qdh" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.2.3" } ], "aliases": [ "CVE-2013-4259", "GHSA-fj24-ghp9-39v3", "PYSEC-2013-1" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fqqe-j2g8-k3gr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7178?format=api", "vulnerability_id": "VCID-h5qr-gjqb-kfd6", "summary": "lib/ansible/playbook/__init__.py in Ansible 1.2.x before 1.2.3, when playbook does not run due to an error, allows local users to overwrite arbitrary files via a symlink attack on a retry file with a predictable name in /var/tmp/ansible/.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4260", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24161", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4260" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=998227", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=998227" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86898", "reference_id": "", "reference_type": "", "scores": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86898" }, { "reference_url": "https://github.com/ansible/ansible/commit/ed3e4aff84fb32005d8e91dbf0fd7b134a482486", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/ed3e4aff84fb32005d8e91dbf0fd7b134a482486" }, { "reference_url": "https://groups.google.com/forum/#%21topic/ansible-project/UVDYW0HGcNg", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#%21topic/ansible-project/UVDYW0HGcNg" }, { "reference_url": "https://groups.google.com/forum/#!topic/ansible-project/UVDYW0HGcNg", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/ansible-project/UVDYW0HGcNg" }, { "reference_url": "http://www.ansible.com/security", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ansible.com/security" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4260", "reference_id": "CVE-2013-4260", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4260" }, { "reference_url": "https://github.com/advisories/GHSA-pcqv-c46v-2p4v", "reference_id": "GHSA-pcqv-c46v-2p4v", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-pcqv-c46v-2p4v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6425?format=api", "purl": "pkg:pypi/ansible@1.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-24vk-y12h-nbau" }, { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-664v-ms96-jfd2" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6smx-ju23-8qes" }, { "vulnerability": "VCID-6swz-79ue-bbef" }, { "vulnerability": "VCID-7v54-buz9-8bbu" }, { "vulnerability": "VCID-826d-vdw1-dbaj" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-a1as-vf3m-ukev" }, { "vulnerability": "VCID-a7rr-4bvy-7yh9" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-d3nw-dz41-wfg2" }, { "vulnerability": "VCID-duwt-5mk2-8kbf" }, { "vulnerability": "VCID-ekyn-s6c7-pqbs" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-kzey-xd5m-j7bu" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-nn62-vxhh-zfcs" }, { "vulnerability": "VCID-pntx-wfhx-p3aa" }, { "vulnerability": "VCID-qbws-64b9-83fc" }, { "vulnerability": "VCID-qpsu-er16-a7dc" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rc9e-eprg-pfdg" }, { "vulnerability": "VCID-rgk8-k53p-gkft" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-s2w1-fedq-ckes" }, { "vulnerability": "VCID-sn3p-chty-aqen" }, { "vulnerability": "VCID-u1pn-s2ug-nucg" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-vtec-237j-1ua2" }, { "vulnerability": "VCID-xn7b-vz2e-6qdh" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/7775?format=api", "purl": "pkg:pypi/ansible@1.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-24vk-y12h-nbau" }, { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-664v-ms96-jfd2" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6smx-ju23-8qes" }, { "vulnerability": "VCID-6swz-79ue-bbef" }, { "vulnerability": "VCID-7v54-buz9-8bbu" }, { "vulnerability": "VCID-826d-vdw1-dbaj" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-a1as-vf3m-ukev" }, { "vulnerability": "VCID-a7rr-4bvy-7yh9" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-d3nw-dz41-wfg2" }, { "vulnerability": "VCID-duwt-5mk2-8kbf" }, { "vulnerability": "VCID-ekyn-s6c7-pqbs" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-kzey-xd5m-j7bu" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-nn62-vxhh-zfcs" }, { "vulnerability": "VCID-pntx-wfhx-p3aa" }, { "vulnerability": "VCID-qbws-64b9-83fc" }, { "vulnerability": "VCID-qpsu-er16-a7dc" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rc9e-eprg-pfdg" }, { "vulnerability": "VCID-rgk8-k53p-gkft" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-s2w1-fedq-ckes" }, { "vulnerability": "VCID-sn3p-chty-aqen" }, { "vulnerability": "VCID-u1pn-s2ug-nucg" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-vtec-237j-1ua2" }, { "vulnerability": "VCID-xn7b-vz2e-6qdh" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.3.0" } ], "aliases": [ "CVE-2013-4260", "GHSA-pcqv-c46v-2p4v", "PYSEC-2013-2" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h5qr-gjqb-kfd6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7870?format=api", "vulnerability_id": "VCID-hyr1-b223-bkef", "summary": "A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This could lead to the disclosure of sensitive data. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1736", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18673", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1736" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1736", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1736" }, { "reference_url": "https://github.com/advisories/GHSA-x7jh-595q-wq82", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-x7jh-595q-wq82" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/issues/67794", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/issues/67794" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-8.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-8.yaml" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NYYQP2XJB2TTRP6AKWVMBSPB2DFJNKD", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NYYQP2XJB2TTRP6AKWVMBSPB2DFJNKD" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NYYQP2XJB2TTRP6AKWVMBSPB2DFJNKD/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NYYQP2XJB2TTRP6AKWVMBSPB2DFJNKD/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPNZWBAUP4ZHUR6PO7U6ZXEKNCX62KZ7", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPNZWBAUP4ZHUR6PO7U6ZXEKNCX62KZ7" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPNZWBAUP4ZHUR6PO7U6ZXEKNCX62KZ7/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPNZWBAUP4ZHUR6PO7U6ZXEKNCX62KZ7/" }, { "reference_url": "https://security.gentoo.org/glsa/202006-11", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202006-11" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1736", "reference_id": "CVE-2020-1736", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1736" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/11298?format=api", "purl": "pkg:pypi/ansible@2.7.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/13778?format=api", "purl": "pkg:pypi/ansible@2.8.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xpfd-zdry-euh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/13779?format=api", "purl": "pkg:pypi/ansible@2.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xpfd-zdry-euh5" }, { "vulnerability": "VCID-ydka-2etb-hue9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6" } ], "aliases": [ "CVE-2020-1736", "GHSA-x7jh-595q-wq82", "PYSEC-2020-8" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hyr1-b223-bkef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5733?format=api", "vulnerability_id": "VCID-ja3g-kwep-7yhr", "summary": "information disclosure", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3447", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.21994", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3447" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939349", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939349" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MS4VPUYVLGSAKOX26IT52BSMEZRZ3KS/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MS4VPUYVLGSAKOX26IT52BSMEZRZ3KS/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBZ75MAMVQVZROPYHMRDQKPPVASP63DG/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBZ75MAMVQVZROPYHMRDQKPPVASP63DG/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RUTGO4RS4ZXZSPBU2CHVPT75IAFVTTL3/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RUTGO4RS4ZXZSPBU2CHVPT75IAFVTTL3/" }, { "reference_url": "https://security.archlinux.org/AVG-1702", "reference_id": "AVG-1702", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1702" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6424?format=api", "purl": "pkg:pypi/ansible@1.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-24vk-y12h-nbau" }, { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-664v-ms96-jfd2" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6smx-ju23-8qes" }, { "vulnerability": "VCID-6swz-79ue-bbef" }, { "vulnerability": "VCID-7v54-buz9-8bbu" }, { "vulnerability": "VCID-826d-vdw1-dbaj" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-a1as-vf3m-ukev" }, { "vulnerability": "VCID-a7rr-4bvy-7yh9" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-d3nw-dz41-wfg2" }, { "vulnerability": "VCID-duwt-5mk2-8kbf" }, { "vulnerability": "VCID-ekyn-s6c7-pqbs" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-fqqe-j2g8-k3gr" }, { "vulnerability": "VCID-h5qr-gjqb-kfd6" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-kzey-xd5m-j7bu" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-nn62-vxhh-zfcs" }, { "vulnerability": "VCID-pntx-wfhx-p3aa" }, { "vulnerability": "VCID-qbws-64b9-83fc" }, { "vulnerability": "VCID-qpsu-er16-a7dc" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rc9e-eprg-pfdg" }, { "vulnerability": "VCID-rgk8-k53p-gkft" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-s2w1-fedq-ckes" }, { "vulnerability": "VCID-sn3p-chty-aqen" }, { "vulnerability": "VCID-u1pn-s2ug-nucg" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-vtec-237j-1ua2" }, { "vulnerability": "VCID-xn7b-vz2e-6qdh" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.2.2" } ], "aliases": [ "CVE-2021-3447", "PYSEC-2021-107" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ja3g-kwep-7yhr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5516?format=api", "vulnerability_id": "VCID-kgjy-7kdy-c3cg", "summary": "information disclosure", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956477", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956477" }, { "reference_url": "https://security.archlinux.org/AVG-2056", "reference_id": "AVG-2056", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2056" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/21283?format=api", "purl": "pkg:pypi/ansible@3.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@3.0.0" } ], "aliases": [ "CVE-2021-3533", "PYSEC-2021-126" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kgjy-7kdy-c3cg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7366?format=api", "vulnerability_id": "VCID-kzey-xd5m-j7bu", "summary": "The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory.", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183103.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183103.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183132.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183132.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183252.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183252.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183274.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183274.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184175.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184175.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3096", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11346", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3096" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1322925", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1322925" }, { "reference_url": "https://github.com/advisories/GHSA-rh6x-qvg7-rrmj", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-rh6x-qvg7-rrmj" }, { "reference_url": "https://github.com/ansible/ansible/blob/v1.9.6-1/CHANGELOG.md#196-dancing-in-the-street---tbd", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/blob/v1.9.6-1/CHANGELOG.md#196-dancing-in-the-street---tbd" }, { "reference_url": "https://github.com/ansible/ansible/blob/v2.0.2.0-1/CHANGELOG.md#202-over-the-hills-and-far-away", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/blob/v2.0.2.0-1/CHANGELOG.md#202-over-the-hills-and-far-away" }, { "reference_url": "https://github.com/ansible/ansible-modules-extras/pull/1941", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible-modules-extras/pull/1941" }, { "reference_url": "https://github.com/ansible/ansible-modules-extras/pull/1941/commits/8c6fe646ee79f5e55361b885b7efed5bec72d4a4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible-modules-extras/pull/1941/commits/8c6fe646ee79f5e55361b885b7efed5bec72d4a4" }, { "reference_url": "https://groups.google.com/forum/#!topic/ansible-announce/E80HLZilTU0", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/ansible-announce/E80HLZilTU0" }, { "reference_url": "https://groups.google.com/forum/#!topic/ansible-announce/tqiZbcWxYig", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/ansible-announce/tqiZbcWxYig" }, { "reference_url": "https://security.gentoo.org/glsa/201607-14", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201607-14" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3096", "reference_id": "CVE-2016-3096", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3096" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55519?format=api", "purl": "pkg:pypi/ansible@1.9.6.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.9.6.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/8019?format=api", "purl": "pkg:pypi/ansible@2.0.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-664v-ms96-jfd2" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6smx-ju23-8qes" }, { "vulnerability": "VCID-6swz-79ue-bbef" }, { "vulnerability": "VCID-826d-vdw1-dbaj" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-d3nw-dz41-wfg2" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-pntx-wfhx-p3aa" }, { "vulnerability": "VCID-qbws-64b9-83fc" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rgk8-k53p-gkft" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-s2w1-fedq-ckes" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-vtec-237j-1ua2" }, { "vulnerability": "VCID-xn7b-vz2e-6qdh" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.0.2.0" } ], "aliases": [ "CVE-2016-3096", "GHSA-rh6x-qvg7-rrmj", "PYSEC-2016-1" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kzey-xd5m-j7bu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7985?format=api", "vulnerability_id": "VCID-m87b-eb5y-8ydf", "summary": "A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed. Files would remain in the bucket exposing the data. This issue affects directly data confidentiality.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25635", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.236", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25635" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25635", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25635" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible-collections/community.aws/issues/222", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible-collections/community.aws/issues/222" }, { "reference_url": "https://github.com/ansible-collections/community.aws/pull/237#issuecomment-1468591094", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible-collections/community.aws/pull/237#issuecomment-1468591094" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-220.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-220.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25635", "reference_id": "CVE-2020-25635", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25635" }, { "reference_url": "https://github.com/advisories/GHSA-f556-49jc-4rvc", "reference_id": "GHSA-f556-49jc-4rvc", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-f556-49jc-4rvc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/17303?format=api", "purl": "pkg:pypi/ansible@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-uvca-5e2n-pqew" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.1" } ], "aliases": [ "CVE-2020-25635", "GHSA-f556-49jc-4rvc", "PYSEC-2020-220" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m87b-eb5y-8ydf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7868?format=api", "vulnerability_id": "VCID-n2b8-e8fa-2ue1", "summary": "A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes \"ansible-vault edit\", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1740", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.34646", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1740" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1740", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1740" }, { "reference_url": "https://github.com/advisories/GHSA-vcg8-98q8-g7mj", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-vcg8-98q8-g7mj" }, { "reference_url": "https://github.com/ansible/ansible/issues/67798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/issues/67798" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/" }, { "reference_url": "https://security.gentoo.org/glsa/202006-11", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202006-11" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/11298?format=api", "purl": "pkg:pypi/ansible@2.7.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/13778?format=api", "purl": "pkg:pypi/ansible@2.8.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xpfd-zdry-euh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/13779?format=api", "purl": "pkg:pypi/ansible@2.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xpfd-zdry-euh5" }, { "vulnerability": "VCID-ydka-2etb-hue9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6" } ], "aliases": [ "CVE-2020-1740", "GHSA-vcg8-98q8-g7mj", "PYSEC-2020-12" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n2b8-e8fa-2ue1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7424?format=api", "vulnerability_id": "VCID-nn62-vxhh-zfcs", "summary": "The user module in ansible before 1.6.6 allows remote authenticated users to execute arbitrary commands.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3498", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.68207", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3498" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335551", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335551" }, { "reference_url": "https://github.com/ansible/ansible/commit/8ed6350e65c82292a631f08845dfaacffe7f07f5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/8ed6350e65c82292a631f08845dfaacffe7f07f5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3498", "reference_id": "CVE-2014-3498", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3498" }, { "reference_url": "https://github.com/advisories/GHSA-4cvm-5776-jx9f", "reference_id": "GHSA-4cvm-5776-jx9f", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-4cvm-5776-jx9f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7798?format=api", "purl": "pkg:pypi/ansible@1.6.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-24vk-y12h-nbau" }, { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-664v-ms96-jfd2" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6smx-ju23-8qes" }, { "vulnerability": "VCID-6swz-79ue-bbef" }, { "vulnerability": "VCID-826d-vdw1-dbaj" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-d3nw-dz41-wfg2" }, { "vulnerability": "VCID-ekyn-s6c7-pqbs" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-kzey-xd5m-j7bu" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-pntx-wfhx-p3aa" }, { "vulnerability": "VCID-qbws-64b9-83fc" }, { "vulnerability": "VCID-qpsu-er16-a7dc" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rgk8-k53p-gkft" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-s2w1-fedq-ckes" }, { "vulnerability": "VCID-u1pn-s2ug-nucg" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-vtec-237j-1ua2" }, { "vulnerability": "VCID-xn7b-vz2e-6qdh" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.6.6" } ], "aliases": [ "CVE-2014-3498", "GHSA-4cvm-5776-jx9f", "PYSEC-2017-2" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nn62-vxhh-zfcs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4898?format=api", "vulnerability_id": "VCID-pntx-wfhx-p3aa", "summary": "arbitrary command execution", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2017-0195.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2017-0195.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2017-0260.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2017-0260.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0448", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0448" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0515", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1685", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1685" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9587", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03045", "scoring_system": "epss", "scoring_elements": "0.86914", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9587" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9587", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9587" }, { "reference_url": "https://github.com/advisories/GHSA-m956-frf4-m2wr", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-m956-frf4-m2wr" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-39.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-39.yaml" }, { "reference_url": "https://security.gentoo.org/glsa/201701-77", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-77" }, { "reference_url": "https://web.archive.org/web/20170115210655/http://www.securityfocus.com/bid/95352", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20170115210655/http://www.securityfocus.com/bid/95352" }, { "reference_url": "https://www.exploit-db.com/exploits/41013", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/41013" }, { "reference_url": "https://www.exploit-db.com/exploits/41013/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/41013/" }, { "reference_url": "http://www.securityfocus.com/bid/95352", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/95352" }, { "reference_url": "https://security.archlinux.org/AVG-137", "reference_id": "AVG-137", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-137" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9587", "reference_id": "CVE-2016-9587", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9587" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/10193?format=api", "purl": "pkg:pypi/ansible@2.1.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-664v-ms96-jfd2" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6smx-ju23-8qes" }, { "vulnerability": "VCID-6swz-79ue-bbef" }, { "vulnerability": "VCID-826d-vdw1-dbaj" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-d3nw-dz41-wfg2" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-qbws-64b9-83fc" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rgk8-k53p-gkft" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-s2w1-fedq-ckes" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-vtec-237j-1ua2" }, { "vulnerability": "VCID-xn7b-vz2e-6qdh" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.1.4.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/10194?format=api", "purl": "pkg:pypi/ansible@2.2.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-664v-ms96-jfd2" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6smx-ju23-8qes" }, { "vulnerability": "VCID-6swz-79ue-bbef" }, { "vulnerability": "VCID-826d-vdw1-dbaj" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-qbws-64b9-83fc" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-s2w1-fedq-ckes" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xn7b-vz2e-6qdh" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.2.1.0" } ], "aliases": [ "CVE-2016-9587", "GHSA-m956-frf4-m2wr", "PYSEC-2018-39" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pntx-wfhx-p3aa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7579?format=api", "vulnerability_id": "VCID-qbws-64b9-83fc", "summary": "In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHBA-2018:3788", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHBA-2018:3788" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2150", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2150" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2151", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2151" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2152", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2166", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2166" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2321", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2321" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2585", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2585" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0054", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0054" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10874", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.16077", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10874" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10874", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10874" }, { "reference_url": "https://usn.ubuntu.com/4072-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4072-1/" }, { "reference_url": "http://www.securitytracker.com/id/1041396", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1041396" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10874", "reference_id": "CVE-2018-10874", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10874" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/8016?format=api", "purl": "pkg:pypi/ansible@2.0.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-664v-ms96-jfd2" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6smx-ju23-8qes" }, { "vulnerability": "VCID-6swz-79ue-bbef" }, { "vulnerability": "VCID-826d-vdw1-dbaj" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-d3nw-dz41-wfg2" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-kzey-xd5m-j7bu" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-pntx-wfhx-p3aa" }, { "vulnerability": "VCID-qbws-64b9-83fc" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rgk8-k53p-gkft" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-s2w1-fedq-ckes" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-vtec-237j-1ua2" }, { "vulnerability": "VCID-xn7b-vz2e-6qdh" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.0.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/10360?format=api", "purl": "pkg:pypi/ansible@2.4.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6smx-ju23-8qes" }, { "vulnerability": "VCID-6swz-79ue-bbef" }, { "vulnerability": "VCID-826d-vdw1-dbaj" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xn7b-vz2e-6qdh" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/10361?format=api", "purl": "pkg:pypi/ansible@2.5.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6smx-ju23-8qes" }, { "vulnerability": "VCID-6swz-79ue-bbef" }, { "vulnerability": "VCID-7f2g-zz9p-sufc" }, { "vulnerability": "VCID-826d-vdw1-dbaj" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-bmq3-uckn-tfhk" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xn7b-vz2e-6qdh" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.5.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/10362?format=api", "purl": "pkg:pypi/ansible@2.6.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-39vn-b7y4-v3ez" }, { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-52zf-mjec-f3d5" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6smx-ju23-8qes" }, { "vulnerability": "VCID-6swz-79ue-bbef" }, { "vulnerability": "VCID-7f2g-zz9p-sufc" }, { "vulnerability": "VCID-826d-vdw1-dbaj" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-bmq3-uckn-tfhk" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xn7b-vz2e-6qdh" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.6.1" } ], "aliases": [ "CVE-2018-10874", "PYSEC-2018-81" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qbws-64b9-83fc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7847?format=api", "vulnerability_id": "VCID-qpsu-er16-a7dc", "summary": "Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing \" src=\" clause, (2) a trailing \" temp=\" clause, or (3) a trailing \" validate=\" clause accompanied by a shell command.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-4967", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03247", "scoring_system": "epss", "scoring_elements": "0.87343", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-4967" }, { "reference_url": "https://github.com/ansible/ansible/commit/62a1295a3e08cb6c3e9f1b2a1e6e5dcaeab32527", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/62a1295a3e08cb6c3e9f1b2a1e6e5dcaeab32527" }, { "reference_url": "http://www.ocert.org/advisories/ocert-2014-004.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ocert.org/advisories/ocert-2014-004.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7799?format=api", "purl": "pkg:pypi/ansible@1.6.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-24vk-y12h-nbau" }, { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-664v-ms96-jfd2" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6smx-ju23-8qes" }, { "vulnerability": "VCID-6swz-79ue-bbef" }, { "vulnerability": "VCID-826d-vdw1-dbaj" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-d3nw-dz41-wfg2" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-kzey-xd5m-j7bu" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-pntx-wfhx-p3aa" }, { "vulnerability": "VCID-qbws-64b9-83fc" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rgk8-k53p-gkft" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-s2w1-fedq-ckes" }, { "vulnerability": "VCID-u1pn-s2ug-nucg" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-vtec-237j-1ua2" }, { "vulnerability": "VCID-xn7b-vz2e-6qdh" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.6.7" } ], "aliases": [ "CVE-2014-4967", "PYSEC-2020-205" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qpsu-er16-a7dc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1054?format=api", "vulnerability_id": "VCID-qtt6-8kf8-1fbt", "summary": "information disclosure", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3620", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0029", "scoring_system": "epss", "scoring_elements": "0.52692", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3620" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975767", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975767" }, { "reference_url": "https://github.com/advisories/GHSA-4r65-35qq-ch8j", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-4r65-35qq-ch8j" }, { "reference_url": "https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes" }, { "reference_url": "https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0" }, { "reference_url": "https://security.archlinux.org/AVG-1941", "reference_id": "AVG-1941", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1941" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3620", "reference_id": "CVE-2021-3620", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3620" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/17056?format=api", "purl": "pkg:pypi/ansible@2.9.27", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.27" } ], "aliases": [ "CVE-2021-3620", "GHSA-4r65-35qq-ch8j", "PYSEC-2022-164" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qtt6-8kf8-1fbt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7869?format=api", "vulnerability_id": "VCID-rarq-tdjt-hff3", "summary": "A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1738", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.44079", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1738" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1738", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1738" }, { "reference_url": "https://github.com/advisories/GHSA-f85h-23mf-2fwh", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-f85h-23mf-2fwh" }, { "reference_url": "https://github.com/ansible/ansible/issues/67796", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/issues/67796" }, { "reference_url": "https://security.gentoo.org/glsa/202006-11", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202006-11" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/11298?format=api", "purl": "pkg:pypi/ansible@2.7.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/13778?format=api", "purl": "pkg:pypi/ansible@2.8.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xpfd-zdry-euh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/13779?format=api", "purl": "pkg:pypi/ansible@2.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xpfd-zdry-euh5" }, { "vulnerability": "VCID-ydka-2etb-hue9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6" } ], "aliases": [ "CVE-2020-1738", "GHSA-f85h-23mf-2fwh", "PYSEC-2020-10" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rarq-tdjt-hff3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7853?format=api", "vulnerability_id": "VCID-rc9e-eprg-pfdg", "summary": "The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-4657", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03071", "scoring_system": "epss", "scoring_elements": "0.8698", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-4657" }, { "reference_url": "https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md" }, { "reference_url": "https://www.securityfocus.com/bid/68232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.securityfocus.com/bid/68232" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7790?format=api", "purl": "pkg:pypi/ansible@1.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-24vk-y12h-nbau" }, { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-664v-ms96-jfd2" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6smx-ju23-8qes" }, { "vulnerability": "VCID-6swz-79ue-bbef" }, { "vulnerability": "VCID-7v54-buz9-8bbu" }, { "vulnerability": "VCID-826d-vdw1-dbaj" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-a1as-vf3m-ukev" }, { "vulnerability": "VCID-a7rr-4bvy-7yh9" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-d3nw-dz41-wfg2" }, { "vulnerability": "VCID-duwt-5mk2-8kbf" }, { "vulnerability": "VCID-ekyn-s6c7-pqbs" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-kzey-xd5m-j7bu" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-nn62-vxhh-zfcs" }, { "vulnerability": "VCID-pntx-wfhx-p3aa" }, { "vulnerability": "VCID-qbws-64b9-83fc" }, { "vulnerability": "VCID-qpsu-er16-a7dc" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rgk8-k53p-gkft" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-s2w1-fedq-ckes" }, { "vulnerability": "VCID-u1pn-s2ug-nucg" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-vtec-237j-1ua2" }, { "vulnerability": "VCID-xn7b-vz2e-6qdh" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.5.4" } ], "aliases": [ "CVE-2014-4657", "PYSEC-2020-199" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rc9e-eprg-pfdg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7598?format=api", "vulnerability_id": "VCID-rgk8-k53p-gkft", "summary": "A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8614", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27718", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8614" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8614", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8614" }, { "reference_url": "https://github.com/advisories/GHSA-cmwx-9m2h-x7v4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-cmwx-9m2h-x7v4" }, { "reference_url": "https://github.com/ansible/ansible-modules-core/issues/5237", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible-modules-core/issues/5237" }, { "reference_url": "https://github.com/ansible/ansible-modules-core/pull/5353", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible-modules-core/pull/5353" }, { "reference_url": "https://github.com/ansible/ansible-modules-core/pull/5357", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible-modules-core/pull/5357" }, { "reference_url": "http://www.securityfocus.com/bid/94108", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/94108" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8614", "reference_id": "CVE-2016-8614", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8614" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55523?format=api", "purl": "pkg:pypi/ansible@2.2.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/10192?format=api", "purl": "pkg:pypi/ansible@2.2.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-664v-ms96-jfd2" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6smx-ju23-8qes" }, { "vulnerability": "VCID-6swz-79ue-bbef" }, { "vulnerability": "VCID-826d-vdw1-dbaj" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-pntx-wfhx-p3aa" }, { "vulnerability": "VCID-qbws-64b9-83fc" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-s2w1-fedq-ckes" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-vtec-237j-1ua2" }, { "vulnerability": "VCID-xn7b-vz2e-6qdh" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.2.0.0" } ], "aliases": [ "CVE-2016-8614", "GHSA-cmwx-9m2h-x7v4", "PYSEC-2018-37" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rgk8-k53p-gkft" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7863?format=api", "vulnerability_id": "VCID-rnub-zmb6-5yhw", "summary": "A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument \"password\" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1739", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.1474", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1739" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1739", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1739" }, { "reference_url": "https://github.com/advisories/GHSA-923p-fr2c-g5m2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-923p-fr2c-g5m2" }, { "reference_url": "https://github.com/ansible/ansible/issues/67797", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/issues/67797" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/11298?format=api", "purl": "pkg:pypi/ansible@2.7.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/13778?format=api", "purl": "pkg:pypi/ansible@2.8.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xpfd-zdry-euh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/13779?format=api", "purl": "pkg:pypi/ansible@2.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xpfd-zdry-euh5" }, { "vulnerability": "VCID-ydka-2etb-hue9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6" } ], "aliases": [ "CVE-2020-1739", "GHSA-923p-fr2c-g5m2", "PYSEC-2020-11" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rnub-zmb6-5yhw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7574?format=api", "vulnerability_id": "VCID-s2w1-fedq-ckes", "summary": "Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1244", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1244" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1334", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1334" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1476", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1476" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1499", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1499" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1599", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1599" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1685", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1685" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7466", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02659", "scoring_system": "epss", "scoring_elements": "0.86041", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7466" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7466", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7466" }, { "reference_url": "http://www.securityfocus.com/bid/97595", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/97595" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7466", "reference_id": "CVE-2017-7466", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7466" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/9339?format=api", "purl": "pkg:pypi/ansible@2.3.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-664v-ms96-jfd2" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6smx-ju23-8qes" }, { "vulnerability": "VCID-6swz-79ue-bbef" }, { "vulnerability": "VCID-826d-vdw1-dbaj" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-a79h-gfcm-13cq" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-qbws-64b9-83fc" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xn7b-vz2e-6qdh" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.3.0.0" } ], "aliases": [ "CVE-2017-7466", "PYSEC-2018-40" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s2w1-fedq-ckes" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7818?format=api", "vulnerability_id": "VCID-sn3p-chty-aqen", "summary": "Ansible prior to 1.5.4 mishandles the evaluation of some strings.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2686", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49423", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2686" }, { "reference_url": "https://groups.google.com/forum/#!searchin/ansible-project/1.5.4/ansible-project/MUQxiKwSQDc/id6aVaawVboJ", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!searchin/ansible-project/1.5.4/ansible-project/MUQxiKwSQDc/id6aVaawVboJ" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7790?format=api", "purl": "pkg:pypi/ansible@1.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-24vk-y12h-nbau" }, { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-664v-ms96-jfd2" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6smx-ju23-8qes" }, { "vulnerability": "VCID-6swz-79ue-bbef" }, { "vulnerability": "VCID-7v54-buz9-8bbu" }, { "vulnerability": "VCID-826d-vdw1-dbaj" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-a1as-vf3m-ukev" }, { "vulnerability": "VCID-a7rr-4bvy-7yh9" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-d3nw-dz41-wfg2" }, { "vulnerability": "VCID-duwt-5mk2-8kbf" }, { "vulnerability": "VCID-ekyn-s6c7-pqbs" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-kzey-xd5m-j7bu" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-nn62-vxhh-zfcs" }, { "vulnerability": "VCID-pntx-wfhx-p3aa" }, { "vulnerability": "VCID-qbws-64b9-83fc" }, { "vulnerability": "VCID-qpsu-er16-a7dc" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rgk8-k53p-gkft" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-s2w1-fedq-ckes" }, { "vulnerability": "VCID-u1pn-s2ug-nucg" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-vtec-237j-1ua2" }, { "vulnerability": "VCID-xn7b-vz2e-6qdh" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.5.4" } ], "aliases": [ "CVE-2014-2686", "PYSEC-2020-198" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sn3p-chty-aqen" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7423?format=api", "vulnerability_id": "VCID-u1pn-s2ug-nucg", "summary": "The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-6240", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.1348", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-6240" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243468", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243468" }, { "reference_url": "https://github.com/ansible/ansible/blob/devel/CHANGELOG.md#192-dancing-in-the-street---jun-26-2015", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/blob/devel/CHANGELOG.md#192-dancing-in-the-street---jun-26-2015" }, { "reference_url": "https://github.com/ansible/ansible/commit/952166f48eb0f5797b75b160fd156bbe1e8fc647", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/952166f48eb0f5797b75b160fd156bbe1e8fc647" }, { "reference_url": "https://github.com/ansible/ansible/commit/ca2f2c4ebd7b5e097eab0a710f79c1f63badf95b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/ca2f2c4ebd7b5e097eab0a710f79c1f63badf95b" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html" }, { "reference_url": "http://www.ansible.com/security", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ansible.com/security" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/08/17/10", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2015/08/17/10" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7814?format=api", "purl": "pkg:pypi/ansible@1.9.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-664v-ms96-jfd2" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6smx-ju23-8qes" }, { "vulnerability": "VCID-6swz-79ue-bbef" }, { "vulnerability": "VCID-826d-vdw1-dbaj" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-d3nw-dz41-wfg2" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-kzey-xd5m-j7bu" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-pntx-wfhx-p3aa" }, { "vulnerability": "VCID-qbws-64b9-83fc" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rgk8-k53p-gkft" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-s2w1-fedq-ckes" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-vtec-237j-1ua2" }, { "vulnerability": "VCID-xn7b-vz2e-6qdh" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.9.2" } ], "aliases": [ "CVE-2015-6240", "PYSEC-2017-3" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u1pn-s2ug-nucg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5840?format=api", "vulnerability_id": "VCID-uvca-5e2n-pqew", "summary": "information disclosure", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20191", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.07158", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20191" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916813", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916813" }, { "reference_url": "https://github.com/advisories/GHSA-8f4m-hccc-8qph", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-8f4m-hccc-8qph" }, { "reference_url": "https://security.archlinux.org/ASA-202102-9", "reference_id": "ASA-202102-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202102-9" }, { "reference_url": "https://security.archlinux.org/AVG-1437", "reference_id": "AVG-1437", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1437" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20863?format=api", "purl": "pkg:pypi/ansible@2.10.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-kgjy-7kdy-c3cg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/17019?format=api", "purl": "pkg:pypi/ansible@2.8.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/17038?format=api", "purl": "pkg:pypi/ansible@2.9.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.18" } ], "aliases": [ "CVE-2021-20191", "GHSA-8f4m-hccc-8qph", "PYSEC-2021-124" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uvca-5e2n-pqew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7594?format=api", "vulnerability_id": "VCID-vtec-237j-1ua2", "summary": "An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances. Thus the previous password would still be active when it should have been changed.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1685", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1685" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8647", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00184", "scoring_system": "epss", "scoring_elements": "0.39914", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8647" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8647", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8647" }, { "reference_url": "https://github.com/advisories/GHSA-x4cm-m36h-c6qj", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-x4cm-m36h-c6qj" }, { "reference_url": "https://github.com/ansible/ansible-modules-core/pull/5388", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible-modules-core/pull/5388" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8647", "reference_id": "CVE-2016-8647", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8647" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/10194?format=api", "purl": "pkg:pypi/ansible@2.2.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-664v-ms96-jfd2" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6smx-ju23-8qes" }, { "vulnerability": "VCID-6swz-79ue-bbef" }, { "vulnerability": "VCID-826d-vdw1-dbaj" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-qbws-64b9-83fc" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-s2w1-fedq-ckes" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xn7b-vz2e-6qdh" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.2.1.0" } ], "aliases": [ "CVE-2016-8647", "GHSA-x4cm-m36h-c6qj", "PYSEC-2018-58" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vtec-237j-1ua2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7736?format=api", "vulnerability_id": "VCID-xn7b-vz2e-6qdh", "summary": "A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3744", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3744" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3789", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3789" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10156", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00589", "scoring_system": "epss", "scoring_elements": "0.69494", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10156" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10156", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10156" }, { "reference_url": "https://github.com/advisories/GHSA-grgm-pph5-j5h7", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-grgm-pph5-j5h7" }, { "reference_url": "https://github.com/ansible/ansible/pull/57188", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/pull/57188" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12698?format=api", "purl": "pkg:pypi/ansible@2.6.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-39vn-b7y4-v3ez" }, { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-52zf-mjec-f3d5" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6smx-ju23-8qes" }, { "vulnerability": "VCID-6swz-79ue-bbef" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-uvca-5e2n-pqew" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.6.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/11293?format=api", "purl": "pkg:pypi/ansible@2.7.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-39vn-b7y4-v3ez" }, { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-4tfv-snmv-bbax" }, { "vulnerability": "VCID-52zf-mjec-f3d5" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6smx-ju23-8qes" }, { "vulnerability": "VCID-6swz-79ue-bbef" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-aq21-sp74-17gk" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xpfd-zdry-euh5" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" }, { "vulnerability": "VCID-zjct-yufk-jkdg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/12699?format=api", "purl": "pkg:pypi/ansible@2.8.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-39vn-b7y4-v3ez" }, { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-4tfv-snmv-bbax" }, { "vulnerability": "VCID-52zf-mjec-f3d5" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6smx-ju23-8qes" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-aq21-sp74-17gk" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-mk3k-n9wn-q3ct" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xpfd-zdry-euh5" }, { "vulnerability": "VCID-zjct-yufk-jkdg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.2" } ], "aliases": [ "CVE-2019-10156", "GHSA-grgm-pph5-j5h7", "PYSEC-2019-2" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xn7b-vz2e-6qdh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7641?format=api", "vulnerability_id": "VCID-zcmk-4k97-kkd9", "summary": "Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext. A local user with administrator privileges on the machine can view these logs and discover the plaintext password. Ansible Engine 2.8 and older are believed to be vulnerable.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3770", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3770" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3771", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3771" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3772", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3772" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3773" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16859", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25744", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16859" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16859", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16859" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16859", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16859" }, { "reference_url": "https://cwe.mitre.org/data/definitions/200.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cwe.mitre.org/data/definitions/200.html" }, { "reference_url": "https://github.com/ansible/ansible/commit/8c1f701e6e9df29fe991f98265e2dd76acca4b8c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/commit/8c1f701e6e9df29fe991f98265e2dd76acca4b8c" }, { "reference_url": "https://github.com/ansible/ansible/pull/49142", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/pull/49142" }, { "reference_url": "http://www.securityfocus.com/bid/106004", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/106004" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/11281?format=api", "purl": "pkg:pypi/ansible@2.5.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6smx-ju23-8qes" }, { "vulnerability": "VCID-6swz-79ue-bbef" }, { "vulnerability": "VCID-7f2g-zz9p-sufc" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-bmq3-uckn-tfhk" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xn7b-vz2e-6qdh" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.5.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/11308?format=api", "purl": "pkg:pypi/ansible@2.5.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6smx-ju23-8qes" }, { "vulnerability": "VCID-6swz-79ue-bbef" }, { "vulnerability": "VCID-7f2g-zz9p-sufc" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-bmq3-uckn-tfhk" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xn7b-vz2e-6qdh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.5.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/11283?format=api", "purl": "pkg:pypi/ansible@2.6.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-39vn-b7y4-v3ez" }, { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-52zf-mjec-f3d5" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6smx-ju23-8qes" }, { "vulnerability": "VCID-6swz-79ue-bbef" }, { "vulnerability": "VCID-7f2g-zz9p-sufc" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-bmq3-uckn-tfhk" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xn7b-vz2e-6qdh" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.6.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/11309?format=api", "purl": "pkg:pypi/ansible@2.6.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-39vn-b7y4-v3ez" }, { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-52zf-mjec-f3d5" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6smx-ju23-8qes" }, { "vulnerability": "VCID-6swz-79ue-bbef" }, { "vulnerability": "VCID-7f2g-zz9p-sufc" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-bmq3-uckn-tfhk" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xn7b-vz2e-6qdh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.6.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/11285?format=api", "purl": "pkg:pypi/ansible@2.7.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-39vn-b7y4-v3ez" }, { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-4tfv-snmv-bbax" }, { "vulnerability": "VCID-52zf-mjec-f3d5" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6smx-ju23-8qes" }, { "vulnerability": "VCID-6swz-79ue-bbef" }, { "vulnerability": "VCID-7f2g-zz9p-sufc" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-aq21-sp74-17gk" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-bmq3-uckn-tfhk" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xn7b-vz2e-6qdh" }, { "vulnerability": "VCID-xpfd-zdry-euh5" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" }, { "vulnerability": "VCID-zjct-yufk-jkdg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/11306?format=api", "purl": "pkg:pypi/ansible@2.7.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-39vn-b7y4-v3ez" }, { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-4tfv-snmv-bbax" }, { "vulnerability": "VCID-52zf-mjec-f3d5" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6smx-ju23-8qes" }, { "vulnerability": "VCID-6swz-79ue-bbef" }, { "vulnerability": "VCID-7f2g-zz9p-sufc" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-aq21-sp74-17gk" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-bmq3-uckn-tfhk" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-gnq4-v5a7-m3ew" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xn7b-vz2e-6qdh" }, { "vulnerability": "VCID-xpfd-zdry-euh5" }, { "vulnerability": "VCID-zjct-yufk-jkdg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/11307?format=api", "purl": "pkg:pypi/ansible@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-39vn-b7y4-v3ez" }, { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-4tfv-snmv-bbax" }, { "vulnerability": "VCID-52zf-mjec-f3d5" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6smx-ju23-8qes" }, { "vulnerability": "VCID-7d8z-g99x-7qh2" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-aq21-sp74-17gk" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-bvsa-kz7r-zyea" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-mk3k-n9wn-q3ct" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-nx86-xnct-afbs" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-tfhg-gzz2-7qc5" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-xn7b-vz2e-6qdh" }, { "vulnerability": "VCID-xpfd-zdry-euh5" }, { "vulnerability": "VCID-zjct-yufk-jkdg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.1" } ], "aliases": [ "CVE-2018-16859", "PYSEC-2018-60" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zcmk-4k97-kkd9" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7561?format=api", "vulnerability_id": "VCID-mcmb-z5r5-4ug8", "summary": "Ansible before 1.2.1 makes it easier for remote attackers to conduct man-in-the-middle attacks by leveraging failure to cache SSH host keys.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2233", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0035", "scoring_system": "epss", "scoring_elements": "0.57718", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2233" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=980821", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=980821" }, { "reference_url": "https://github.com/advisories/GHSA-9x6q-5423-w5v9", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-9x6q-5423-w5v9" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/issues/857", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible/ansible/issues/857" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-36.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-36.yaml" }, { "reference_url": "https://www.ansible.com/security", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.ansible.com/security" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/07/01/2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2013/07/01/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/07/02/6", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2013/07/02/6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2233", "reference_id": "CVE-2013-2233", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2233" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6423?format=api", "purl": "pkg:pypi/ansible@1.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-24vk-y12h-nbau" }, { "vulnerability": "VCID-3jxq-kxnz-6bfh" }, { "vulnerability": "VCID-4331-d5yy-uybc" }, { "vulnerability": "VCID-5mcc-gtrr-j3e4" }, { "vulnerability": "VCID-664v-ms96-jfd2" }, { "vulnerability": "VCID-6hdk-ywcn-4qe4" }, { "vulnerability": "VCID-6smx-ju23-8qes" }, { "vulnerability": "VCID-6swz-79ue-bbef" }, { "vulnerability": "VCID-7v54-buz9-8bbu" }, { "vulnerability": "VCID-826d-vdw1-dbaj" }, { "vulnerability": "VCID-95kg-bk3s-g7gx" }, { "vulnerability": "VCID-a1as-vf3m-ukev" }, { "vulnerability": "VCID-a7rr-4bvy-7yh9" }, { "vulnerability": "VCID-axds-bd49-fbdj" }, { "vulnerability": "VCID-b423-t4kx-eqbq" }, { "vulnerability": "VCID-b8cv-v25q-1kh3" }, { "vulnerability": "VCID-brft-snn6-guc8" }, { "vulnerability": "VCID-d3nw-dz41-wfg2" }, { "vulnerability": "VCID-duwt-5mk2-8kbf" }, { "vulnerability": "VCID-ekyn-s6c7-pqbs" }, { "vulnerability": "VCID-enwa-2cfn-5uab" }, { "vulnerability": "VCID-fqqe-j2g8-k3gr" }, { "vulnerability": "VCID-h5qr-gjqb-kfd6" }, { "vulnerability": "VCID-hyr1-b223-bkef" }, { "vulnerability": "VCID-ja3g-kwep-7yhr" }, { "vulnerability": "VCID-kgjy-7kdy-c3cg" }, { "vulnerability": "VCID-kzey-xd5m-j7bu" }, { "vulnerability": "VCID-m87b-eb5y-8ydf" }, { "vulnerability": "VCID-n2b8-e8fa-2ue1" }, { "vulnerability": "VCID-nn62-vxhh-zfcs" }, { "vulnerability": "VCID-pntx-wfhx-p3aa" }, { "vulnerability": "VCID-qbws-64b9-83fc" }, { "vulnerability": "VCID-qpsu-er16-a7dc" }, { "vulnerability": "VCID-qtt6-8kf8-1fbt" }, { "vulnerability": "VCID-rarq-tdjt-hff3" }, { "vulnerability": "VCID-rc9e-eprg-pfdg" }, { "vulnerability": "VCID-rgk8-k53p-gkft" }, { "vulnerability": "VCID-rnub-zmb6-5yhw" }, { "vulnerability": "VCID-s2w1-fedq-ckes" }, { "vulnerability": "VCID-sn3p-chty-aqen" }, { "vulnerability": "VCID-u1pn-s2ug-nucg" }, { "vulnerability": "VCID-uvca-5e2n-pqew" }, { "vulnerability": "VCID-vtec-237j-1ua2" }, { "vulnerability": "VCID-xn7b-vz2e-6qdh" }, { "vulnerability": "VCID-zcmk-4k97-kkd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.2.1" } ], "aliases": [ "CVE-2013-2233", "GHSA-9x6q-5423-w5v9", "PYSEC-2018-36" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mcmb-z5r5-4ug8" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.2.1" }