VulnerableCode Package Details - pkg:ebuild/app-admin/ansible@1.6.8

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-4b5u-b82x-zkc5	Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause, (2) a trailing " temp=" clause, or (3) a trailing " validate=" clause accompanied by a shell command.	CVE-2014-4967 GHSA-64cw-m57j-65xj PYSEC-2020-205
VCID-7sp5-368w-w3fd	The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657.	CVE-2014-4678 GHSA-66c7-5pwv-mm3j PYSEC-2020-203
VCID-8pn7-4k42-6qeb	Ansible before 1.6.7 does not prevent inventory data with "{{" and "lookup" substrings, and does not prevent remote data with "{{" substrings, which allows remote attackers to execute arbitrary code via (1) crafted lookup('pipe') calls or (2) crafted Jinja2 data.	CVE-2014-4966 GHSA-wqq5-c89p-3wc3 PYSEC-2020-204
VCID-vdyk-rcxz-z7an	The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions.	CVE-2014-4657 GHSA-qg47-5px9-32g7 PYSEC-2020-199

Vulnerability

Summary

Aliases

VCID-4b5u-b82x-zkc5

Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause, (2) a trailing " temp=" clause, or (3) a trailing " validate=" clause accompanied by a shell command.

CVE-2014-4967
GHSA-64cw-m57j-65xj
PYSEC-2020-205

VCID-7sp5-368w-w3fd

The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657.

CVE-2014-4678
GHSA-66c7-5pwv-mm3j
PYSEC-2020-203

VCID-8pn7-4k42-6qeb

Ansible before 1.6.7 does not prevent inventory data with "{{" and "lookup" substrings, and does not prevent remote data with "{{" substrings, which allows remote attackers to execute arbitrary code via (1) crafted lookup('pipe') calls or (2) crafted Jinja2 data.

CVE-2014-4966
GHSA-wqq5-c89p-3wc3
PYSEC-2020-204

VCID-vdyk-rcxz-z7an

The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions.

CVE-2014-4657
GHSA-qg47-5px9-32g7
PYSEC-2020-199

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T13:03:29.025667+00:00	Gentoo Importer	Fixing	VCID-4b5u-b82x-zkc5	https://security.gentoo.org/glsa/201411-09	38.0.0
2026-04-01T13:03:29.016115+00:00	Gentoo Importer	Fixing	VCID-8pn7-4k42-6qeb	https://security.gentoo.org/glsa/201411-09	38.0.0
2026-04-01T13:03:29.005151+00:00	Gentoo Importer	Fixing	VCID-7sp5-368w-w3fd	https://security.gentoo.org/glsa/201411-09	38.0.0
2026-04-01T13:03:28.995622+00:00	Gentoo Importer	Fixing	VCID-vdyk-rcxz-z7an	https://security.gentoo.org/glsa/201411-09	38.0.0