Search for packages
| purl | pkg:pypi/ansible@2.4 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-3jh2-znva-2bb6
Aliases: CVE-2018-7750 GHSA-232r-66cg-79px PYSEC-2018-19 |
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step. |
Affected by 39 other vulnerabilities. |
|
VCID-wqm7-2ajr-6ue8
Aliases: CVE-2018-10874 GHSA-3xvg-x47j-x75w PYSEC-2018-81 |
In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result. |
Affected by 37 other vulnerabilities. Affected by 39 other vulnerabilities. Affected by 40 other vulnerabilities. |
|
VCID-y91x-2rch-pkar
Aliases: CVE-2018-10875 GHSA-fc4h-467w-46rh PYSEC-2018-43 |
A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code. |
Affected by 37 other vulnerabilities. Affected by 39 other vulnerabilities. Affected by 40 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T12:47:51.102264+00:00 | GitLab Importer | Affected by | VCID-y91x-2rch-pkar | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ansible/CVE-2018-10875.yml | 38.0.0 |
| 2026-04-01T12:47:49.102664+00:00 | GitLab Importer | Affected by | VCID-wqm7-2ajr-6ue8 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ansible/CVE-2018-10874.yml | 38.0.0 |
| 2026-04-01T12:47:37.080440+00:00 | GitLab Importer | Affected by | VCID-3jh2-znva-2bb6 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ansible/CVE-2018-7750.yml | 38.0.0 |