Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-b423-t4kx-eqbq
Vulnerability ID VCID-b423-t4kx-eqbq
Aliases CVE-2020-1735
GHSA-gfr2-qpxh-qj9m
PYSEC-2020-7
Summary A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2020-1735
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2020-1735
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1735
https://github.com/advisories/GHSA-gfr2-qpxh-qj9m
https://github.com/ansible/ansible/issues/67793
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/
https://security.gentoo.org/glsa/202006-11
No exploits are available.
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.33455
EPSS Score 0.00138
Published At May 30, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-30T20:19:06.747537+00:00 Pypa Importer Import https://github.com/pypa/advisory-database/blob/main/vulns/ansible/PYSEC-2020-7.yaml 38.6.0