{"url":"http://public2.vulnerablecode.io/api/packages/7649?format=json","purl":"pkg:pypi/ansible@1.2.2","type":"pypi","namespace":"","name":"ansible","version":"1.2.2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.9.6.1","latest_non_vulnerable_version":"12.2.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35242?format=json","vulnerability_id":"VCID-1d8u-w26v-nqfd","summary":"Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2778","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:2778"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8628.json","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8628.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8628","reference_id":"","reference_type":"","scores":[{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.64219","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8628"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8628","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8628"},{"reference_url":"https://github.com/advisories/GHSA-jg4f-jqm5-4mgq","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jg4f-jqm5-4mgq"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/commit/35938b907dfcd1106ca40b794f0db446bdb8cf09","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/35938b907dfcd1106ca40b794f0db446bdb8cf09"},{"reference_url":"https://github.com/ansible/ansible/issues/41903","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/issues/41903"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-38.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-38.yaml"},{"reference_url":"https://web.archive.org/web/20200227214455/http://www.securityfocus.com/bid/94109","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227214455/http://www.securityfocus.com/bid/94109"},{"reference_url":"http://www.securityfocus.com/bid/94109","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/94109"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1388113","reference_id":"1388113","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1388113"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842985","reference_id":"842985","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842985"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-8628","reference_id":"CVE-2016-8628","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-8628"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56531?format=json","purl":"pkg:pypi/ansible@2.2.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/11417?format=json","purl":"pkg:pypi/ansible@2.2.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5p9q-7q6e-vkg8"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hd4w-ksm9-uycv"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-mj75-gu96-33ay"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-rgcg-pkhf-7ydk"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-utrp-hfpb-tygj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"},{"vulnerability":"VCID-yre5-mmmj-q3bn"},{"vulnerability":"VCID-zwrg-9mrq-effd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.2.0.0"}],"aliases":["CVE-2016-8628","GHSA-jg4f-jqm5-4mgq","PYSEC-2018-38"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1d8u-w26v-nqfd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35418?format=json","vulnerability_id":"VCID-1sty-hqbq-63hy","summary":"In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3201","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:3201"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3202","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:3202"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3203","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:3203"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3207","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:3207"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0756","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2020:0756"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14846.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14846.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14846","reference_id":"","reference_type":"","scores":[{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.30006","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14846"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14846","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14846"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/commit/90e74dd2600e5cc42dd9b4f4656f3d651c4ce5c4","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/90e74dd2600e5cc42dd9b4f4656f3d651c4ce5c4"},{"reference_url":"https://github.com/ansible/ansible/commit/cb0f535a8b254a2daf69cd067e842fabb2993034","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/cb0f535a8b254a2daf69cd067e842fabb2993034"},{"reference_url":"https://github.com/ansible/ansible/commit/d961f676c01023a6a21503df16ba551a550e515b","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/d961f676c01023a6a21503df16ba551a550e515b"},{"reference_url":"https://github.com/ansible/ansible/pull/63366","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/63366"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2019-4.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2019-4.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html"},{"reference_url":"https://www.debian.org/security/2021/dsa-4950","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2021/dsa-4950"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1755373","reference_id":"1755373","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1755373"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942188","reference_id":"942188","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942188"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14846","reference_id":"CVE-2019-14846","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14846"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/14349?format=json","purl":"pkg:pypi/ansible@2.6.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.6.20"},{"url":"http://public2.vulnerablecode.io/api/packages/12520?format=json","purl":"pkg:pypi/ansible@2.7.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-7ben-361w-tkdr"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-qztj-r7zc-jue3"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.14"},{"url":"http://public2.vulnerablecode.io/api/packages/14350?format=json","purl":"pkg:pypi/ansible@2.8.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-7ben-361w-tkdr"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-qztj-r7zc-jue3"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.6"},{"url":"http://public2.vulnerablecode.io/api/packages/18247?format=json","purl":"pkg:pypi/ansible@2.9.0b1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.0b1"}],"aliases":["CVE-2019-14846","GHSA-pm48-cvv2-29q5","PYSEC-2019-4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1sty-hqbq-63hy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35060?format=json","vulnerability_id":"VCID-2tq8-8hu5-juc2","summary":"The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-6240.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-6240.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-6240","reference_id":"","reference_type":"","scores":[{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13416","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-6240"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1243468","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1243468"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/blob/devel/CHANGELOG.md#192-dancing-in-the-street---jun-26-2015","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/blob/devel/CHANGELOG.md#192-dancing-in-the-street---jun-26-2015"},{"reference_url":"https://github.com/ansible/ansible/commit/952166f48eb0f5797b75b160fd156bbe1e8fc647","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/952166f48eb0f5797b75b160fd156bbe1e8fc647"},{"reference_url":"https://github.com/ansible/ansible/commit/ca2f2c4ebd7b5e097eab0a710f79c1f63badf95b","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/ca2f2c4ebd7b5e097eab0a710f79c1f63badf95b"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2017-3.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2017-3.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-6240","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-6240"},{"reference_url":"http://www.ansible.com/security","reference_id":"","reference_type":"","scores":[],"url":"http://www.ansible.com/security"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/08/17/10","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2015/08/17/10"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9039?format=json","purl":"pkg:pypi/ansible@1.9.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1d8u-w26v-nqfd"},{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5p9q-7q6e-vkg8"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-g8tj-eaqr-myaa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hd4w-ksm9-uycv"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-j6qc-x7e6-buen"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-mj75-gu96-33ay"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-rgcg-pkhf-7ydk"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-utrp-hfpb-tygj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-yre5-mmmj-q3bn"},{"vulnerability":"VCID-zwrg-9mrq-effd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.9.2"}],"aliases":["CVE-2015-6240","GHSA-wwwh-47wp-m522","PYSEC-2017-3"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2tq8-8hu5-juc2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35532?format=json","vulnerability_id":"VCID-2z4k-r21v-rfgx","summary":"A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This could lead to the disclosure of sensitive data. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1736.json","reference_id":"","reference_type":"","scores":[{"value":"2.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1736.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1736","reference_id":"","reference_type":"","scores":[{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18665","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1736"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1736","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1736"},{"reference_url":"https://github.com/advisories/GHSA-x7jh-595q-wq82","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x7jh-595q-wq82"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/issues/67794","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/issues/67794"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-8.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-8.yaml"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NYYQP2XJB2TTRP6AKWVMBSPB2DFJNKD","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NYYQP2XJB2TTRP6AKWVMBSPB2DFJNKD"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NYYQP2XJB2TTRP6AKWVMBSPB2DFJNKD/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NYYQP2XJB2TTRP6AKWVMBSPB2DFJNKD/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPNZWBAUP4ZHUR6PO7U6ZXEKNCX62KZ7","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPNZWBAUP4ZHUR6PO7U6ZXEKNCX62KZ7"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPNZWBAUP4ZHUR6PO7U6ZXEKNCX62KZ7/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPNZWBAUP4ZHUR6PO7U6ZXEKNCX62KZ7/"},{"reference_url":"https://security.gentoo.org/glsa/202006-11","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202006-11"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1802124","reference_id":"1802124","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1802124"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966663","reference_id":"966663","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966663"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1736","reference_id":"CVE-2020-1736","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1736"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3600","reference_id":"RHSA-2020:3600","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3600"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12523?format=json","purl":"pkg:pypi/ansible@2.7.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17"},{"url":"http://public2.vulnerablecode.io/api/packages/15003?format=json","purl":"pkg:pypi/ansible@2.8.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9"},{"url":"http://public2.vulnerablecode.io/api/packages/15004?format=json","purl":"pkg:pypi/ansible@2.9.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-ptg6-bwz8-pud8"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6"}],"aliases":["CVE-2020-1736","GHSA-x7jh-595q-wq82","PYSEC-2020-8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2z4k-r21v-rfgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35337?format=json","vulnerability_id":"VCID-5p9q-7q6e-vkg8","summary":"Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html"},{"reference_url":"http://packetstormsecurity.com/files/172837/Ansible-Fetch-Path-Traversal.html","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/172837/Ansible-Fetch-Path-Traversal.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3744","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:3744"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3789","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:3789"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3828.json","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3828.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3828","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09976","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3828"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3828","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3828"},{"reference_url":"https://github.com/advisories/GHSA-74vq-h4q8-x6jv","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-74vq-h4q8-x6jv"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/commit/396a2f74717477d80600450e2b7e45349d7b5110","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/396a2f74717477d80600450e2b7e45349d7b5110"},{"reference_url":"https://github.com/ansible/ansible/commit/4be3215d2f9f84ca283895879f0c6ce1ed7dd333","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/4be3215d2f9f84ca283895879f0c6ce1ed7dd333"},{"reference_url":"https://github.com/ansible/ansible/commit/f3edc091523fbe301926b7a0db25fbbd96940d93","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/f3edc091523fbe301926b7a0db25fbbd96940d93"},{"reference_url":"https://github.com/ansible/ansible/pull/52133","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/52133"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2019-5.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2019-5.yaml"},{"reference_url":"https://usn.ubuntu.com/4072-1","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4072-1"},{"reference_url":"https://usn.ubuntu.com/4072-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4072-1/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1676689","reference_id":"1676689","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1676689"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922537","reference_id":"922537","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922537"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3828","reference_id":"CVE-2019-3828","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3828"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0430","reference_id":"RHSA-2019:0430","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0430"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0431","reference_id":"RHSA-2019:0431","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0431"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0432","reference_id":"RHSA-2019:0432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0432"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0433","reference_id":"RHSA-2019:0433","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0433"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/13181?format=json","purl":"pkg:pypi/ansible@2.5.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.5.15"},{"url":"http://public2.vulnerablecode.io/api/packages/13182?format=json","purl":"pkg:pypi/ansible@2.6.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-frk2-9jfm-cybm"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-vxkb-9p6a-5yan"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.6.14"},{"url":"http://public2.vulnerablecode.io/api/packages/12514?format=json","purl":"pkg:pypi/ansible@2.7.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-7ben-361w-tkdr"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-frk2-9jfm-cybm"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-qztj-r7zc-jue3"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-vxkb-9p6a-5yan"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.8"}],"aliases":["CVE-2019-3828","GHSA-74vq-h4q8-x6jv","PYSEC-2019-5"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5p9q-7q6e-vkg8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35533?format=json","vulnerability_id":"VCID-7qnx-1gp2-v7bb","summary":"A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1735.json","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1735.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1735","reference_id":"","reference_type":"","scores":[{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33415","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1735"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1735","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1735"},{"reference_url":"https://github.com/advisories/GHSA-gfr2-qpxh-qj9m","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gfr2-qpxh-qj9m"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes-7","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes-7"},{"reference_url":"https://github.com/ansible/ansible/commit/18f91bbb88a84b1d3614ef41c3550da735592ac1","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/18f91bbb88a84b1d3614ef41c3550da735592ac1"},{"reference_url":"https://github.com/ansible/ansible/commit/40969ff43812fabf5397f818d9e521f9b39c9c9a","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/40969ff43812fabf5397f818d9e521f9b39c9c9a"},{"reference_url":"https://github.com/ansible/ansible/commit/de9a4f5474c5f5db442ae7493d6b5da7177e335d","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/de9a4f5474c5f5db442ae7493d6b5da7177e335d"},{"reference_url":"https://github.com/ansible/ansible/issues/67793","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/issues/67793"},{"reference_url":"https://github.com/ansible/ansible/pull/69023","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/69023"},{"reference_url":"https://github.com/ansible/ansible/pull/69024","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/69024"},{"reference_url":"https://github.com/ansible/ansible/pull/69025","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/69025"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-7.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-7.yaml"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/"},{"reference_url":"https://security.gentoo.org/glsa/202006-11","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202006-11"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1802085","reference_id":"1802085","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1802085"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1735","reference_id":"CVE-2020-1735","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1735"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1541","reference_id":"RHSA-2020:1541","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1541"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1542","reference_id":"RHSA-2020:1542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1543","reference_id":"RHSA-2020:1543","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1543"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1544","reference_id":"RHSA-2020:1544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1544"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12523?format=json","purl":"pkg:pypi/ansible@2.7.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17"},{"url":"http://public2.vulnerablecode.io/api/packages/12524?format=json","purl":"pkg:pypi/ansible@2.7.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.18"},{"url":"http://public2.vulnerablecode.io/api/packages/12525?format=json","purl":"pkg:pypi/ansible@2.8.0a1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-qztj-r7zc-jue3"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w1ap-atw2-qbc8"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.0a1"},{"url":"http://public2.vulnerablecode.io/api/packages/15003?format=json","purl":"pkg:pypi/ansible@2.8.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9"},{"url":"http://public2.vulnerablecode.io/api/packages/15574?format=json","purl":"pkg:pypi/ansible@2.8.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.12"},{"url":"http://public2.vulnerablecode.io/api/packages/15004?format=json","purl":"pkg:pypi/ansible@2.9.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-ptg6-bwz8-pud8"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6"},{"url":"http://public2.vulnerablecode.io/api/packages/15575?format=json","purl":"pkg:pypi/ansible@2.9.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.8"}],"aliases":["CVE-2020-1735","GHSA-gfr2-qpxh-qj9m","PYSEC-2020-7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7qnx-1gp2-v7bb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35061?format=json","vulnerability_id":"VCID-7skd-9hpb-dbhj","summary":"The user module in ansible before 1.6.6 allows remote authenticated users to execute arbitrary commands.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3498.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3498.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3498","reference_id":"","reference_type":"","scores":[{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.68255","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3498"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1335551","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1335551"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/commit/8ed6350e65c82292a631f08845dfaacffe7f07f5","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/8ed6350e65c82292a631f08845dfaacffe7f07f5"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2017-2.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2017-2.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3498","reference_id":"CVE-2014-3498","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3498"},{"reference_url":"https://github.com/advisories/GHSA-4cvm-5776-jx9f","reference_id":"GHSA-4cvm-5776-jx9f","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4cvm-5776-jx9f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9023?format=json","purl":"pkg:pypi/ansible@1.6.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1d8u-w26v-nqfd"},{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2tq8-8hu5-juc2"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5p9q-7q6e-vkg8"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-bg46-sd2p-h7ez"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-g8tj-eaqr-myaa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hd4w-ksm9-uycv"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-j6qc-x7e6-buen"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-mj75-gu96-33ay"},{"vulnerability":"VCID-nb5v-58wt-87gz"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-p7d3-epbn-b7bp"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-rgcg-pkhf-7ydk"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-utrp-hfpb-tygj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-yre5-mmmj-q3bn"},{"vulnerability":"VCID-zwrg-9mrq-effd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.6.6"}],"aliases":["CVE-2014-3498","GHSA-4cvm-5776-jx9f","PYSEC-2017-2"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7skd-9hpb-dbhj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35811?format=json","vulnerability_id":"VCID-833d-up6b-rfe1","summary":"A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords are exposed at once for the file. This flaw affects Ansible Engine versions before 2.9.6.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10729.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10729.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10729","reference_id":"","reference_type":"","scores":[{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20032","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10729"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1831089","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1831089"},{"reference_url":"https://github.com/advisories/GHSA-r6h7-5pq2-j77h","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r6h7-5pq2-j77h"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/blob/v2.9.6/changelogs/CHANGELOG-v2.9.rst","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/blob/v2.9.6/changelogs/CHANGELOG-v2.9.rst"},{"reference_url":"https://github.com/ansible/ansible/commit/c520d70bf4748c8ee6718a7d0d0254051ba1c2e9","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/c520d70bf4748c8ee6718a7d0d0254051ba1c2e9"},{"reference_url":"https://github.com/ansible/ansible/issues/34144","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/issues/34144"},{"reference_url":"https://github.com/ansible/ansible/pull/67429","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/67429"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-105.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-105.yaml"},{"reference_url":"https://www.debian.org/security/2021/dsa-4950","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2021/dsa-4950"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10729","reference_id":"CVE-2020-10729","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10729"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/15004?format=json","purl":"pkg:pypi/ansible@2.9.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-ptg6-bwz8-pud8"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6"}],"aliases":["CVE-2020-10729","GHSA-r6h7-5pq2-j77h","PYSEC-2021-105"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-833d-up6b-rfe1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35785?format=json","vulnerability_id":"VCID-8u2v-jtqe-dqg3","summary":"A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20228.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20228.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20228","reference_id":"","reference_type":"","scores":[{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47765","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20228"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1925002","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1925002"},{"reference_url":"https://github.com/advisories/GHSA-5rrg-rr89-x9mv","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5rrg-rr89-x9mv"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/commit/49ebd509df9de1c1fc1bcee00e79a835dd00662c","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/49ebd509df9de1c1fc1bcee00e79a835dd00662c"},{"reference_url":"https://github.com/ansible/ansible/commit/e41d1f0a3fd6c466192e7e24accd3d1c6501111b","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/e41d1f0a3fd6c466192e7e24accd3d1c6501111b"},{"reference_url":"https://github.com/ansible/ansible/commit/f8ff395d817c3eddc050f809919c15dfb5796120","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/f8ff395d817c3eddc050f809919c15dfb5796120"},{"reference_url":"https://github.com/ansible/ansible/pull/73487","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/73487"},{"reference_url":"https://github.com/ansible/ansible/pull/73492","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/73492"},{"reference_url":"https://github.com/ansible/ansible/pull/73493","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/73493"},{"reference_url":"https://github.com/ansible/ansible/pull/73494","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/73494"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-1.yaml"},{"reference_url":"https://www.debian.org/security/2021/dsa-4950","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2021/dsa-4950"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20228","reference_id":"CVE-2021-20228","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20228"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0663","reference_id":"RHSA-2021:0663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0663"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0664","reference_id":"RHSA-2021:0664","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0664"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1079","reference_id":"RHSA-2021:1079","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1079"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2180","reference_id":"RHSA-2021:2180","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2180"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9241?format=json","purl":"pkg:pypi/ansible@2.0.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1d8u-w26v-nqfd"},{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5p9q-7q6e-vkg8"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-g8tj-eaqr-myaa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hd4w-ksm9-uycv"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-j6qc-x7e6-buen"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-mj75-gu96-33ay"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-rgcg-pkhf-7ydk"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-utrp-hfpb-tygj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"},{"vulnerability":"VCID-yre5-mmmj-q3bn"},{"vulnerability":"VCID-zwrg-9mrq-effd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.0.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/18243?format=json","purl":"pkg:pypi/ansible@2.8.19rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.19rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/14786?format=json","purl":"pkg:pypi/ansible@2.9.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-7ben-361w-tkdr"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-ptg6-bwz8-pud8"},{"vulnerability":"VCID-qztj-r7zc-jue3"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.1"},{"url":"http://public2.vulnerablecode.io/api/packages/18262?format=json","purl":"pkg:pypi/ansible@2.9.18rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.18rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/18265?format=json","purl":"pkg:pypi/ansible@2.9.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.19"},{"url":"http://public2.vulnerablecode.io/api/packages/151620?format=json","purl":"pkg:pypi/ansible@2.10.6rc1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.6rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/22087?format=json","purl":"pkg:pypi/ansible@2.10.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.6"}],"aliases":["CVE-2021-20228","GHSA-5rrg-rr89-x9mv","PYSEC-2021-1"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8u2v-jtqe-dqg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35513?format=json","vulnerability_id":"VCID-9pwe-zdc3-sbcu","summary":"Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the \"deb http://user:pass@server:port/\" format.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4659.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4659.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4659","reference_id":"","reference_type":"","scores":[{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11314","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4659"},{"reference_url":"https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md"},{"reference_url":"https://github.com/ansible/ansible/commit/a0e027fe362fbc209dbeff2f72d6e95f39885c69","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/a0e027fe362fbc209dbeff2f72d6e95f39885c69"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-201.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-201.yaml"},{"reference_url":"https://web.archive.org/web/20200229060001/https://www.securityfocus.com/bid/68234","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200229060001/https://www.securityfocus.com/bid/68234"},{"reference_url":"https://www.securityfocus.com/bid/68234","reference_id":"","reference_type":"","scores":[],"url":"https://www.securityfocus.com/bid/68234"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1831254","reference_id":"1831254","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1831254"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-4659","reference_id":"CVE-2014-4659","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-4659"},{"reference_url":"https://github.com/advisories/GHSA-6667-f46p-pg88","reference_id":"GHSA-6667-f46p-pg88","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-6667-f46p-pg88"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9016?format=json","purl":"pkg:pypi/ansible@1.5.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1d8u-w26v-nqfd"},{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2tq8-8hu5-juc2"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5p9q-7q6e-vkg8"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-7skd-9hpb-dbhj"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-bg46-sd2p-h7ez"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-g8tj-eaqr-myaa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hd4w-ksm9-uycv"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-j6qc-x7e6-buen"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-mj75-gu96-33ay"},{"vulnerability":"VCID-nb5v-58wt-87gz"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-p7d3-epbn-b7bp"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-rgcg-pkhf-7ydk"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-utrp-hfpb-tygj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-yre5-mmmj-q3bn"},{"vulnerability":"VCID-yt5j-unv8-yudk"},{"vulnerability":"VCID-zwrg-9mrq-effd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.5.5"}],"aliases":["CVE-2014-4659","GHSA-6667-f46p-pg88","PYSEC-2020-201"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9pwe-zdc3-sbcu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35653?format=json","vulnerability_id":"VCID-am9g-ba4h-sfhr","summary":"A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed. Files would remain in the bucket exposing the data. This issue affects directly data confidentiality.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25635.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25635.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25635","reference_id":"","reference_type":"","scores":[{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23595","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25635"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25635","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25635"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible-collections/community.aws/issues/222","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible-collections/community.aws/issues/222"},{"reference_url":"https://github.com/ansible-collections/community.aws/pull/237#issuecomment-1468591094","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible-collections/community.aws/pull/237#issuecomment-1468591094"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-220.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-220.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1880275","reference_id":"1880275","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1880275"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25635","reference_id":"CVE-2020-25635","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25635"},{"reference_url":"https://github.com/advisories/GHSA-f556-49jc-4rvc","reference_id":"GHSA-f556-49jc-4rvc","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-f556-49jc-4rvc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18528?format=json","purl":"pkg:pypi/ansible@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-t2da-uh4n-yya2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.1"}],"aliases":["CVE-2020-25635","GHSA-f556-49jc-4rvc","PYSEC-2020-220"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-am9g-ba4h-sfhr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34965?format=json","vulnerability_id":"VCID-bg46-sd2p-h7ez","summary":"Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2015-07/msg00051.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2015-07/msg00051.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2015-08/msg00029.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2015-08/msg00029.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3908.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3908.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3908","reference_id":"","reference_type":"","scores":[{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.44191","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3908"},{"reference_url":"https://github.com/advisories/GHSA-w64c-pxjj-h866","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w64c-pxjj-h866"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/blob/devel/CHANGELOG.md#192-dancing-in-the-street---jun-26-2015","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/blob/devel/CHANGELOG.md#192-dancing-in-the-street---jun-26-2015"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2015-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2015-1.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3908","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3908"},{"reference_url":"http://www.ansible.com/security","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ansible.com/security"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/07/14/4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2015/07/14/4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9039?format=json","purl":"pkg:pypi/ansible@1.9.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1d8u-w26v-nqfd"},{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5p9q-7q6e-vkg8"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-g8tj-eaqr-myaa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hd4w-ksm9-uycv"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-j6qc-x7e6-buen"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-mj75-gu96-33ay"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-rgcg-pkhf-7ydk"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-utrp-hfpb-tygj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-yre5-mmmj-q3bn"},{"vulnerability":"VCID-zwrg-9mrq-effd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.9.2"}],"aliases":["CVE-2015-3908","GHSA-w64c-pxjj-h866","PYSEC-2015-1"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bg46-sd2p-h7ez"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34811?format=json","vulnerability_id":"VCID-bwsk-15wb-jkfz","summary":"runner/connection_plugins/ssh.py in Ansible before 1.2.3, when using ControlPersist, allows local users to redirect a ssh session via a symlink attack on a socket file with a predictable name in /tmp/.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4259","reference_id":"","reference_type":"","scores":[{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.1617","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4259"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=998223","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=998223"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2013-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2013-1.yaml"},{"reference_url":"https://groups.google.com/forum/#%21topic/ansible-project/UVDYW0HGcNg","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#%21topic/ansible-project/UVDYW0HGcNg"},{"reference_url":"https://groups.google.com/forum/#!topic/ansible-project/UVDYW0HGcNg","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/ansible-project/UVDYW0HGcNg"},{"reference_url":"http://www.ansible.com/security","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ansible.com/security"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721766","reference_id":"721766","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721766"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4259","reference_id":"CVE-2013-4259","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4259"},{"reference_url":"https://github.com/advisories/GHSA-fj24-ghp9-39v3","reference_id":"GHSA-fj24-ghp9-39v3","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-fj24-ghp9-39v3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7650?format=json","purl":"pkg:pypi/ansible@1.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1d8u-w26v-nqfd"},{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2tq8-8hu5-juc2"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5p9q-7q6e-vkg8"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-7skd-9hpb-dbhj"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-9pwe-zdc3-sbcu"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-bg46-sd2p-h7ez"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-g8tj-eaqr-myaa"},{"vulnerability":"VCID-gg28-jm4a-1ue9"},{"vulnerability":"VCID-ghxm-6brq-bqc9"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gmbu-guk2-r7dg"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hd4w-ksm9-uycv"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-j6qc-x7e6-buen"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-mj75-gu96-33ay"},{"vulnerability":"VCID-nb5v-58wt-87gz"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-p7d3-epbn-b7bp"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-rgcg-pkhf-7ydk"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-tuhu-e8gj-rbbg"},{"vulnerability":"VCID-utrp-hfpb-tygj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-yre5-mmmj-q3bn"},{"vulnerability":"VCID-yt5j-unv8-yudk"},{"vulnerability":"VCID-zwrg-9mrq-effd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.2.3"}],"aliases":["CVE-2013-4259","GHSA-fj24-ghp9-39v3","PYSEC-2013-1"],"risk_score":1.8,"exploitability":"0.5","weighted_severity":"3.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bwsk-15wb-jkfz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35529?format=json","vulnerability_id":"VCID-cuq1-se5h-vygd","summary":"A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module. Sensitive parameters such as passwords and tokens are passed to kubectl from the command line, not using an environment variable or an input configuration file. This will disclose passwords and tokens from process list and no_log directive from debug module would not have any effect making these secrets being disclosed on stdout and log files.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1753.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1753.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1753","reference_id":"","reference_type":"","scores":[{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16098","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1753"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1753","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1753"},{"reference_url":"https://github.com/advisories/GHSA-86hp-cj9j-33vv","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-86hp-cj9j-33vv"},{"reference_url":"https://github.com/ansible/ansible/commit/04ba05e003b268b83df6c106ba5c0f08548b1380","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/04ba05e003b268b83df6c106ba5c0f08548b1380"},{"reference_url":"https://github.com/ansible/ansible/commit/137caed836ef096945086cfe75dc11587b68db3a","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/137caed836ef096945086cfe75dc11587b68db3a"},{"reference_url":"https://github.com/ansible/ansible/commit/273d8538dbe5a7b5c9954f1929d3bb00904c43f6","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/273d8538dbe5a7b5c9954f1929d3bb00904c43f6"},{"reference_url":"https://github.com/ansible/ansible/pull/68195","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/68195"},{"reference_url":"https://github.com/ansible-collections/kubernetes","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible-collections/kubernetes"},{"reference_url":"https://github.com/ansible-collections/kubernetes/pull/51","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible-collections/kubernetes/pull/51"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-210.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-210.yaml"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/"},{"reference_url":"https://security.gentoo.org/glsa/202006-11","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202006-11"},{"reference_url":"https://www.debian.org/security/2021/dsa-4950","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2021/dsa-4950"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1811008","reference_id":"1811008","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1811008"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1753","reference_id":"CVE-2020-1753","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1753"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1541","reference_id":"RHSA-2020:1541","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1541"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1542","reference_id":"RHSA-2020:1542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2142","reference_id":"RHSA-2020:2142","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2142"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12523?format=json","purl":"pkg:pypi/ansible@2.7.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17"},{"url":"http://public2.vulnerablecode.io/api/packages/12524?format=json","purl":"pkg:pypi/ansible@2.7.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.18"},{"url":"http://public2.vulnerablecode.io/api/packages/12525?format=json","purl":"pkg:pypi/ansible@2.8.0a1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-qztj-r7zc-jue3"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w1ap-atw2-qbc8"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.0a1"},{"url":"http://public2.vulnerablecode.io/api/packages/15003?format=json","purl":"pkg:pypi/ansible@2.8.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9"},{"url":"http://public2.vulnerablecode.io/api/packages/15098?format=json","purl":"pkg:pypi/ansible@2.8.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.11"},{"url":"http://public2.vulnerablecode.io/api/packages/15574?format=json","purl":"pkg:pypi/ansible@2.8.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.12"},{"url":"http://public2.vulnerablecode.io/api/packages/15004?format=json","purl":"pkg:pypi/ansible@2.9.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-ptg6-bwz8-pud8"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6"},{"url":"http://public2.vulnerablecode.io/api/packages/15099?format=json","purl":"pkg:pypi/ansible@2.9.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.7"}],"aliases":["CVE-2020-1753","GHSA-86hp-cj9j-33vv","PYSEC-2020-210"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cuq1-se5h-vygd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35530?format=json","vulnerability_id":"VCID-cxts-25nq-4fcs","summary":"A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes \"ansible-vault edit\", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1740.json","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1740.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1740","reference_id":"","reference_type":"","scores":[{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34611","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1740"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1740","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1740"},{"reference_url":"https://github.com/advisories/GHSA-vcg8-98q8-g7mj","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vcg8-98q8-g7mj"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/commit/28f9fbdb5e281976e33f443193047068afb97a9b","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/28f9fbdb5e281976e33f443193047068afb97a9b"},{"reference_url":"https://github.com/ansible/ansible/commit/2a563514f070a0a8ba64aebf6bce21194be96c73","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/2a563514f070a0a8ba64aebf6bce21194be96c73"},{"reference_url":"https://github.com/ansible/ansible/commit/685a4b6d3ff72186d2b4ffce73172a5446a71ccc","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/685a4b6d3ff72186d2b4ffce73172a5446a71ccc"},{"reference_url":"https://github.com/ansible/ansible/commit/ef32a5bf96a89107986375516285253c1380d7ef","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/ef32a5bf96a89107986375516285253c1380d7ef"},{"reference_url":"https://github.com/ansible/ansible/issues/67798","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/issues/67798"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-12.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-12.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/"},{"reference_url":"https://security.gentoo.org/glsa/202006-11","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202006-11"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1802193","reference_id":"1802193","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1802193"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1740","reference_id":"CVE-2020-1740","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1740"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1541","reference_id":"RHSA-2020:1541","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1541"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1542","reference_id":"RHSA-2020:1542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1543","reference_id":"RHSA-2020:1543","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1543"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1544","reference_id":"RHSA-2020:1544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1544"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12523?format=json","purl":"pkg:pypi/ansible@2.7.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17"},{"url":"http://public2.vulnerablecode.io/api/packages/12525?format=json","purl":"pkg:pypi/ansible@2.8.0a1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-qztj-r7zc-jue3"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w1ap-atw2-qbc8"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.0a1"},{"url":"http://public2.vulnerablecode.io/api/packages/15003?format=json","purl":"pkg:pypi/ansible@2.8.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9"},{"url":"http://public2.vulnerablecode.io/api/packages/15098?format=json","purl":"pkg:pypi/ansible@2.8.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.11"},{"url":"http://public2.vulnerablecode.io/api/packages/15004?format=json","purl":"pkg:pypi/ansible@2.9.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-ptg6-bwz8-pud8"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6"},{"url":"http://public2.vulnerablecode.io/api/packages/15099?format=json","purl":"pkg:pypi/ansible@2.9.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.7"}],"aliases":["CVE-2020-1740","GHSA-vcg8-98q8-g7mj","PYSEC-2020-12"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cxts-25nq-4fcs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3444?format=json","vulnerability_id":"VCID-dkds-s3ad-cufa","summary":"information disclosure","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3620.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3620.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2021-3620","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2021-3620"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3620","reference_id":"","reference_type":"","scores":[{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52707","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3620"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1975767","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1975767"},{"reference_url":"https://github.com/advisories/GHSA-4r65-35qq-ch8j","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4r65-35qq-ch8j"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes"},{"reference_url":"https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2022-164.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2022-164.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html"},{"reference_url":"https://security.archlinux.org/AVG-1941","reference_id":"AVG-1941","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1941"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3620","reference_id":"CVE-2021-3620","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3620"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3871","reference_id":"RHSA-2021:3871","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2021:3871"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3872","reference_id":"RHSA-2021:3872","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2021:3872"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3874","reference_id":"RHSA-2021:3874","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2021:3874"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4703","reference_id":"RHSA-2021:4703","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2021:4703"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4750","reference_id":"RHSA-2021:4750","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2021:4750"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18281?format=json","purl":"pkg:pypi/ansible@2.9.27","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.27"}],"aliases":["CVE-2021-3620","GHSA-4r65-35qq-ch8j","PYSEC-2022-164"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dkds-s3ad-cufa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34998?format=json","vulnerability_id":"VCID-g8tj-eaqr-myaa","summary":"The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183103.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183103.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183132.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183132.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183252.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183252.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183274.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183274.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184175.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184175.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3096.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3096.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3096","reference_id":"","reference_type":"","scores":[{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11273","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3096"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1322925","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1322925"},{"reference_url":"https://github.com/advisories/GHSA-rh6x-qvg7-rrmj","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rh6x-qvg7-rrmj"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/blob/v1.9.6-1/CHANGELOG.md#196-dancing-in-the-street---tbd","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/blob/v1.9.6-1/CHANGELOG.md#196-dancing-in-the-street---tbd"},{"reference_url":"https://github.com/ansible/ansible/blob/v2.0.2.0-1/CHANGELOG.md#202-over-the-hills-and-far-away","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/blob/v2.0.2.0-1/CHANGELOG.md#202-over-the-hills-and-far-away"},{"reference_url":"https://github.com/ansible/ansible-modules-extras/commit/7c3999a92a1cd856ff9bc8913a93ff1aee8bffc3","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible-modules-extras/commit/7c3999a92a1cd856ff9bc8913a93ff1aee8bffc3"},{"reference_url":"https://github.com/ansible/ansible-modules-extras/pull/1941","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible-modules-extras/pull/1941"},{"reference_url":"https://github.com/ansible/ansible-modules-extras/pull/1941/commits/8c6fe646ee79f5e55361b885b7efed5bec72d4a4","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible-modules-extras/pull/1941/commits/8c6fe646ee79f5e55361b885b7efed5bec72d4a4"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2016-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2016-1.yaml"},{"reference_url":"https://groups.google.com/forum/#%21topic/ansible-announce/E80HLZilTU0","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#%21topic/ansible-announce/E80HLZilTU0"},{"reference_url":"https://groups.google.com/forum/#%21topic/ansible-announce/tqiZbcWxYig","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#%21topic/ansible-announce/tqiZbcWxYig"},{"reference_url":"https://groups.google.com/forum/#!topic/ansible-announce/E80HLZilTU0","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/ansible-announce/E80HLZilTU0"},{"reference_url":"https://groups.google.com/forum/#!topic/ansible-announce/tqiZbcWxYig","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/ansible-announce/tqiZbcWxYig"},{"reference_url":"https://security.gentoo.org/glsa/201607-14","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201607-14"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819676","reference_id":"819676","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819676"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3096","reference_id":"CVE-2016-3096","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3096"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56527?format=json","purl":"pkg:pypi/ansible@1.9.6.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.9.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/9244?format=json","purl":"pkg:pypi/ansible@2.0.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1d8u-w26v-nqfd"},{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5p9q-7q6e-vkg8"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hd4w-ksm9-uycv"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-j6qc-x7e6-buen"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-mj75-gu96-33ay"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-rgcg-pkhf-7ydk"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-utrp-hfpb-tygj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"},{"vulnerability":"VCID-yre5-mmmj-q3bn"},{"vulnerability":"VCID-zwrg-9mrq-effd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.0.2.0"}],"aliases":["CVE-2016-3096","GHSA-rh6x-qvg7-rrmj","PYSEC-2016-1"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g8tj-eaqr-myaa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35515?format=json","vulnerability_id":"VCID-gg28-jm4a-1ue9","summary":"The vault subsystem in Ansible before 1.5.5 does not set the umask before creation or modification of a vault file, which allows local users to obtain sensitive key information by reading a file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4658.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4658.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4658","reference_id":"","reference_type":"","scores":[{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17291","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4658"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md"},{"reference_url":"https://github.com/ansible/ansible/commit/a0e027fe362fbc209dbeff2f72d6e95f39885c69","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/a0e027fe362fbc209dbeff2f72d6e95f39885c69"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-200.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-200.yaml"},{"reference_url":"https://web.archive.org/web/20210120133853/https://www.securityfocus.com/bid/68233","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210120133853/https://www.securityfocus.com/bid/68233"},{"reference_url":"https://www.securityfocus.com/bid/68233","reference_id":"","reference_type":"","scores":[],"url":"https://www.securityfocus.com/bid/68233"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1831258","reference_id":"1831258","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1831258"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-4658","reference_id":"CVE-2014-4658","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-4658"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9016?format=json","purl":"pkg:pypi/ansible@1.5.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1d8u-w26v-nqfd"},{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2tq8-8hu5-juc2"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5p9q-7q6e-vkg8"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-7skd-9hpb-dbhj"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-bg46-sd2p-h7ez"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-g8tj-eaqr-myaa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hd4w-ksm9-uycv"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-j6qc-x7e6-buen"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-mj75-gu96-33ay"},{"vulnerability":"VCID-nb5v-58wt-87gz"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-p7d3-epbn-b7bp"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-rgcg-pkhf-7ydk"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-utrp-hfpb-tygj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-yre5-mmmj-q3bn"},{"vulnerability":"VCID-yt5j-unv8-yudk"},{"vulnerability":"VCID-zwrg-9mrq-effd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.5.5"}],"aliases":["CVE-2014-4658","GHSA-5g4v-2pc6-4hh4","PYSEC-2020-200"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gg28-jm4a-1ue9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35478?format=json","vulnerability_id":"VCID-ghxm-6brq-bqc9","summary":"Ansible prior to 1.5.4 mishandles the evaluation of some strings.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2686","reference_id":"","reference_type":"","scores":[{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49449","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2686"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/commit/998793fd0ab55705d57527a38cee5e83f535974c","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/998793fd0ab55705d57527a38cee5e83f535974c"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-198.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-198.yaml"},{"reference_url":"https://groups.google.com/forum/#!searchin/ansible-project/1.5.4/ansible-project/MUQxiKwSQDc/id6aVaawVboJ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!searchin/ansible-project/1.5.4/ansible-project/MUQxiKwSQDc/id6aVaawVboJ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-2686","reference_id":"CVE-2014-2686","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-2686"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9015?format=json","purl":"pkg:pypi/ansible@1.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1d8u-w26v-nqfd"},{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2tq8-8hu5-juc2"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5p9q-7q6e-vkg8"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-7skd-9hpb-dbhj"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-9pwe-zdc3-sbcu"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-bg46-sd2p-h7ez"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-g8tj-eaqr-myaa"},{"vulnerability":"VCID-gg28-jm4a-1ue9"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gmbu-guk2-r7dg"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hd4w-ksm9-uycv"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-j6qc-x7e6-buen"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-mj75-gu96-33ay"},{"vulnerability":"VCID-nb5v-58wt-87gz"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-p7d3-epbn-b7bp"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-rgcg-pkhf-7ydk"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-utrp-hfpb-tygj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-yre5-mmmj-q3bn"},{"vulnerability":"VCID-yt5j-unv8-yudk"},{"vulnerability":"VCID-zwrg-9mrq-effd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.5.4"}],"aliases":["CVE-2014-2686","GHSA-49m5-2838-q2rv","PYSEC-2020-198"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ghxm-6brq-bqc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7216?format=json","vulnerability_id":"VCID-gm99-68bj-c3cz","summary":"arbitrary command execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3583.json","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3583.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3583","reference_id":"","reference_type":"","scores":[{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51238","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3583"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1968412","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1968412"},{"reference_url":"https://github.com/advisories/GHSA-2pfh-q76x-gwvm","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2pfh-q76x-gwvm"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/commit/03aff644cc1c00e1f7551195c68fbd0d13a39e6e","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/03aff644cc1c00e1f7551195c68fbd0d13a39e6e"},{"reference_url":"https://github.com/ansible/ansible/commit/8aa850e3573e48c9a2f12aef84e8a3a6f5ba4847","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/8aa850e3573e48c9a2f12aef84e8a3a6f5ba4847"},{"reference_url":"https://github.com/ansible/ansible/commit/8b17e5b9229ffaecfe10a4881bc3f87dd2c184e1","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/8b17e5b9229ffaecfe10a4881bc3f87dd2c184e1"},{"reference_url":"https://github.com/ansible/ansible/pull/74960","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/74960"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-358.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-358.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html"},{"reference_url":"https://security.archlinux.org/AVG-2260","reference_id":"AVG-2260","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2260"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3583","reference_id":"CVE-2021-3583","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3583"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2663","reference_id":"RHSA-2021:2663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2663"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2664","reference_id":"RHSA-2021:2664","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2664"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18272?format=json","purl":"pkg:pypi/ansible@2.9.23rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.23rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/18273?format=json","purl":"pkg:pypi/ansible@2.9.23","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.23"},{"url":"http://public2.vulnerablecode.io/api/packages/140873?format=json","purl":"pkg:pypi/ansible@2.10.11rc1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.11rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/140874?format=json","purl":"pkg:pypi/ansible@2.11.2rc1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.11.2rc1"}],"aliases":["CVE-2021-3583","GHSA-2pfh-q76x-gwvm","PYSEC-2021-358"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gm99-68bj-c3cz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35512?format=json","vulnerability_id":"VCID-gmbu-guk2-r7dg","summary":"Ansible before 1.5.5 constructs filenames containing user and password fields on the basis of deb lines in sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by leveraging existence of a file that uses the \"deb http://user:pass@server:port/\" format.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4660","reference_id":"","reference_type":"","scores":[{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20216","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4660"},{"reference_url":"https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md"},{"reference_url":"https://github.com/ansible/ansible/commit/c4b5e46054c74176b2446c82d4df1a2610eddc08","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/c4b5e46054c74176b2446c82d4df1a2610eddc08"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-202.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-202.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-4660","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-4660"},{"reference_url":"https://security-tracker.debian.org/tracker/CVE-2014-4660","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security-tracker.debian.org/tracker/CVE-2014-4660"},{"reference_url":"https://web.archive.org/web/20200229060002/https://www.securityfocus.com/bid/68231","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200229060002/https://www.securityfocus.com/bid/68231"},{"reference_url":"https://www.openwall.com/lists/oss-security/2014/06/26/19","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2014/06/26/19"},{"reference_url":"https://www.securityfocus.com/bid/68231","reference_id":"","reference_type":"","scores":[],"url":"https://www.securityfocus.com/bid/68231"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9016?format=json","purl":"pkg:pypi/ansible@1.5.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1d8u-w26v-nqfd"},{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2tq8-8hu5-juc2"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5p9q-7q6e-vkg8"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-7skd-9hpb-dbhj"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-bg46-sd2p-h7ez"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-g8tj-eaqr-myaa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hd4w-ksm9-uycv"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-j6qc-x7e6-buen"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-mj75-gu96-33ay"},{"vulnerability":"VCID-nb5v-58wt-87gz"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-p7d3-epbn-b7bp"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-rgcg-pkhf-7ydk"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-utrp-hfpb-tygj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-yre5-mmmj-q3bn"},{"vulnerability":"VCID-yt5j-unv8-yudk"},{"vulnerability":"VCID-zwrg-9mrq-effd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.5.5"}],"aliases":["CVE-2014-4660","GHSA-5xm4-jmpw-p6j3","PYSEC-2020-202"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gmbu-guk2-r7dg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35525?format=json","vulnerability_id":"VCID-gxw4-ydnj-fkfe","summary":"A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument \"password\" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1739.json","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1739.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1739","reference_id":"","reference_type":"","scores":[{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14703","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1739"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1739","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1739"},{"reference_url":"https://github.com/advisories/GHSA-923p-fr2c-g5m2","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-923p-fr2c-g5m2"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/commit/1a89d4f059c21a818306a39ada7f5284ae125237","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/1a89d4f059c21a818306a39ada7f5284ae125237"},{"reference_url":"https://github.com/ansible/ansible/commit/6c74a298702c8bb5532b9600073312e08f39680f","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/6c74a298702c8bb5532b9600073312e08f39680f"},{"reference_url":"https://github.com/ansible/ansible/commit/c6c4fbf4a1fdea1e10ba94462a60c413990a16a4","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/c6c4fbf4a1fdea1e10ba94462a60c413990a16a4"},{"reference_url":"https://github.com/ansible/ansible/issues/67797","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/issues/67797"},{"reference_url":"https://github.com/ansible/ansible/pull/68911","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/68911"},{"reference_url":"https://github.com/ansible/ansible/pull/68912","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/68912"},{"reference_url":"https://github.com/ansible/ansible/pull/68913","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/68913"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-11.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-11.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/"},{"reference_url":"https://www.debian.org/security/2021/dsa-4950","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2021/dsa-4950"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1802178","reference_id":"1802178","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1802178"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1739","reference_id":"CVE-2020-1739","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1739"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1541","reference_id":"RHSA-2020:1541","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1541"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1542","reference_id":"RHSA-2020:1542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1543","reference_id":"RHSA-2020:1543","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1543"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1544","reference_id":"RHSA-2020:1544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1544"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12523?format=json","purl":"pkg:pypi/ansible@2.7.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17"},{"url":"http://public2.vulnerablecode.io/api/packages/12525?format=json","purl":"pkg:pypi/ansible@2.8.0a1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-qztj-r7zc-jue3"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w1ap-atw2-qbc8"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.0a1"},{"url":"http://public2.vulnerablecode.io/api/packages/15003?format=json","purl":"pkg:pypi/ansible@2.8.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9"},{"url":"http://public2.vulnerablecode.io/api/packages/15098?format=json","purl":"pkg:pypi/ansible@2.8.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.11"},{"url":"http://public2.vulnerablecode.io/api/packages/15004?format=json","purl":"pkg:pypi/ansible@2.9.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-ptg6-bwz8-pud8"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6"},{"url":"http://public2.vulnerablecode.io/api/packages/15099?format=json","purl":"pkg:pypi/ansible@2.9.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.7"}],"aliases":["CVE-2020-1739","GHSA-923p-fr2c-g5m2","PYSEC-2020-11"],"risk_score":1.8,"exploitability":"0.5","weighted_severity":"3.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gxw4-ydnj-fkfe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35218?format=json","vulnerability_id":"VCID-hd4w-ksm9-uycv","summary":"Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1244","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1244"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1334","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1334"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1476","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1476"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1499","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1499"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1599","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1599"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1685","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1685"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7466.json","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7466.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7466","reference_id":"","reference_type":"","scores":[{"value":"0.02659","scoring_system":"epss","scoring_elements":"0.86063","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7466"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7466","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7466"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/commit/0d418789a298561fded9bce977d34babc9097079","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/0d418789a298561fded9bce977d34babc9097079"},{"reference_url":"https://github.com/ansible/ansible/commit/7ff9fa52cfcef2065f0db80d85dd94b9b754839c","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/7ff9fa52cfcef2065f0db80d85dd94b9b754839c"},{"reference_url":"https://github.com/ansible/ansible/issues/24186","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/issues/24186"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-40.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-40.yaml"},{"reference_url":"https://web.archive.org/web/20170701161323/http://www.securityfocus.com/bid/97595","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170701161323/http://www.securityfocus.com/bid/97595"},{"reference_url":"http://www.securityfocus.com/bid/97595","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/97595"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1439212","reference_id":"1439212","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1439212"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7466","reference_id":"CVE-2017-7466","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7466"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/11492?format=json","purl":"pkg:pypi/ansible@2.2.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5p9q-7q6e-vkg8"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hd4w-ksm9-uycv"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-utrp-hfpb-tygj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"},{"vulnerability":"VCID-yre5-mmmj-q3bn"},{"vulnerability":"VCID-zwrg-9mrq-effd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.2.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/10564?format=json","purl":"pkg:pypi/ansible@2.3.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5p9q-7q6e-vkg8"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pm6p-9arz-7ygs"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-utrp-hfpb-tygj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"},{"vulnerability":"VCID-yre5-mmmj-q3bn"},{"vulnerability":"VCID-zwrg-9mrq-effd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.3.0.0"}],"aliases":["CVE-2017-7466","GHSA-3m8p-xpm6-8ww3","PYSEC-2018-40"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hd4w-ksm9-uycv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7307?format=json","vulnerability_id":"VCID-hjc4-jcfm-7be5","summary":"information disclosure","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1956477","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1956477"},{"reference_url":"https://security.archlinux.org/AVG-2056","reference_id":"AVG-2056","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2056"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3533","reference_id":"CVE-2021-3533","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3533"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9241?format=json","purl":"pkg:pypi/ansible@2.0.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1d8u-w26v-nqfd"},{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5p9q-7q6e-vkg8"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-g8tj-eaqr-myaa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hd4w-ksm9-uycv"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-j6qc-x7e6-buen"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-mj75-gu96-33ay"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-rgcg-pkhf-7ydk"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-utrp-hfpb-tygj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"},{"vulnerability":"VCID-yre5-mmmj-q3bn"},{"vulnerability":"VCID-zwrg-9mrq-effd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.0.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/22508?format=json","purl":"pkg:pypi/ansible@3.0.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@3.0.0"}],"aliases":["CVE-2021-3533","PYSEC-2021-126"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hjc4-jcfm-7be5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35290?format=json","vulnerability_id":"VCID-hpqa-ysnc-b7dw","summary":"Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext. A local user with administrator privileges on the machine can view these logs and discover the plaintext password. Ansible Engine 2.8 and older are believed to be vulnerable.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3770","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3770"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3771","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3771"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3772","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3772"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3773","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3773"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16859.json","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16859.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16859","reference_id":"","reference_type":"","scores":[{"value":"0.00091","scoring_system":"epss","scoring_elements":"0.25726","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16859"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16859","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16859"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16859","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16859"},{"reference_url":"https://cwe.mitre.org/data/definitions/200.html","reference_id":"","reference_type":"","scores":[],"url":"https://cwe.mitre.org/data/definitions/200.html"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/blob/v2.5.13/changelogs/CHANGELOG-v2.5.rst","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/blob/v2.5.13/changelogs/CHANGELOG-v2.5.rst"},{"reference_url":"https://github.com/ansible/ansible/commit/0d746b4198abf84290a093b83cf02b4203d73d9f","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/0d746b4198abf84290a093b83cf02b4203d73d9f"},{"reference_url":"https://github.com/ansible/ansible/commit/2f8d3fcf41107efafc14d51ab6e14531ca8f8c87","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/2f8d3fcf41107efafc14d51ab6e14531ca8f8c87"},{"reference_url":"https://github.com/ansible/ansible/commit/4d748d34f9392aa469da00a85c8e2d5fe6cec52b","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/4d748d34f9392aa469da00a85c8e2d5fe6cec52b"},{"reference_url":"https://github.com/ansible/ansible/commit/8c1f701e6e9df29fe991f98265e2dd76acca4b8c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/commit/8c1f701e6e9df29fe991f98265e2dd76acca4b8c"},{"reference_url":"https://github.com/ansible/ansible/pull/49142","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/49142"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-60.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-60.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16859","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16859"},{"reference_url":"https://web.archive.org/web/20200227102121/http://www.securityfocus.com/bid/106004","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227102121/http://www.securityfocus.com/bid/106004"},{"reference_url":"http://www.securityfocus.com/bid/106004","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/106004"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1649607","reference_id":"1649607","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1649607"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12506?format=json","purl":"pkg:pypi/ansible@2.5.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5p9q-7q6e-vkg8"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-v5kk-umvk-6fgg"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.5.12"},{"url":"http://public2.vulnerablecode.io/api/packages/12533?format=json","purl":"pkg:pypi/ansible@2.5.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5p9q-7q6e-vkg8"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-v5kk-umvk-6fgg"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.5.13"},{"url":"http://public2.vulnerablecode.io/api/packages/12508?format=json","purl":"pkg:pypi/ansible@2.6.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5p9q-7q6e-vkg8"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-frk2-9jfm-cybm"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-v5kk-umvk-6fgg"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-vxkb-9p6a-5yan"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.6.9"},{"url":"http://public2.vulnerablecode.io/api/packages/12534?format=json","purl":"pkg:pypi/ansible@2.6.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5p9q-7q6e-vkg8"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-frk2-9jfm-cybm"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-v5kk-umvk-6fgg"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-vxkb-9p6a-5yan"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.6.10"},{"url":"http://public2.vulnerablecode.io/api/packages/12510?format=json","purl":"pkg:pypi/ansible@2.7.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5p9q-7q6e-vkg8"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-7ben-361w-tkdr"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-frk2-9jfm-cybm"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-qztj-r7zc-jue3"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-v5kk-umvk-6fgg"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-vxkb-9p6a-5yan"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.3"},{"url":"http://public2.vulnerablecode.io/api/packages/12531?format=json","purl":"pkg:pypi/ansible@2.7.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5p9q-7q6e-vkg8"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-7ben-361w-tkdr"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-frk2-9jfm-cybm"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-qztj-r7zc-jue3"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-v5kk-umvk-6fgg"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-vxkb-9p6a-5yan"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.4"},{"url":"http://public2.vulnerablecode.io/api/packages/12532?format=json","purl":"pkg:pypi/ansible@2.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-7ben-361w-tkdr"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-frk2-9jfm-cybm"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-qztj-r7zc-jue3"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-vxkb-9p6a-5yan"},{"vulnerability":"VCID-w1ap-atw2-qbc8"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.1"}],"aliases":["CVE-2018-16859","GHSA-v735-2pp6-h86r","PYSEC-2018-60"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hpqa-ysnc-b7dw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35520?format=json","vulnerability_id":"VCID-hq4d-92s2-vqg6","summary":"A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with \"umask 77 && mkdir -p <dir>\"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating '/proc/<pid>/cmdline'.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1733.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1733.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1733","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07997","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1733"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1733","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1733"},{"reference_url":"https://github.com/advisories/GHSA-g4mq-6fp5-qwcf","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g4mq-6fp5-qwcf"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/commit/80b9a0a25c5f75e84aefc8f2b293fb1933b154f2","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/80b9a0a25c5f75e84aefc8f2b293fb1933b154f2"},{"reference_url":"https://github.com/ansible/ansible/commit/8251d9f4c2bc82632ab992277fcd30ccbf87aa47","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/8251d9f4c2bc82632ab992277fcd30ccbf87aa47"},{"reference_url":"https://github.com/ansible/ansible/commit/ecf99d5e1ff732a7777010facd6c98bb0994605e","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/ecf99d5e1ff732a7777010facd6c98bb0994605e"},{"reference_url":"https://github.com/ansible/ansible/issues/67791","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/issues/67791"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-5.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-5.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/"},{"reference_url":"https://security.gentoo.org/glsa/202006-11","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202006-11"},{"reference_url":"https://www.debian.org/security/2021/dsa-4950","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2021/dsa-4950"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1801735","reference_id":"1801735","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1801735"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1733","reference_id":"CVE-2020-1733","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1733"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1541","reference_id":"RHSA-2020:1541","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1541"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1542","reference_id":"RHSA-2020:1542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1543","reference_id":"RHSA-2020:1543","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1543"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1544","reference_id":"RHSA-2020:1544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1544"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12523?format=json","purl":"pkg:pypi/ansible@2.7.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17"},{"url":"http://public2.vulnerablecode.io/api/packages/14998?format=json","purl":"pkg:pypi/ansible@2.8.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.8"},{"url":"http://public2.vulnerablecode.io/api/packages/15098?format=json","purl":"pkg:pypi/ansible@2.8.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.11"},{"url":"http://public2.vulnerablecode.io/api/packages/15004?format=json","purl":"pkg:pypi/ansible@2.9.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-ptg6-bwz8-pud8"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6"},{"url":"http://public2.vulnerablecode.io/api/packages/15099?format=json","purl":"pkg:pypi/ansible@2.9.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.7"}],"aliases":["CVE-2020-1733","GHSA-g4mq-6fp5-qwcf","PYSEC-2020-5"],"risk_score":2.2,"exploitability":"0.5","weighted_severity":"4.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hq4d-92s2-vqg6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35243?format=json","vulnerability_id":"VCID-j6qc-x7e6-buen","summary":"A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8614.json","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8614.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8614","reference_id":"","reference_type":"","scores":[{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27594","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8614"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8614","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8614"},{"reference_url":"https://github.com/advisories/GHSA-cmwx-9m2h-x7v4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cmwx-9m2h-x7v4"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible-modules-core/commit/1182d1f0b76d56f3667e27987a10b9ec8f03357d","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible-modules-core/commit/1182d1f0b76d56f3667e27987a10b9ec8f03357d"},{"reference_url":"https://github.com/ansible/ansible-modules-core/commit/66d47c8149d84e52f64b7c4d1f340d45dca94d9c","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible-modules-core/commit/66d47c8149d84e52f64b7c4d1f340d45dca94d9c"},{"reference_url":"https://github.com/ansible/ansible-modules-core/issues/5237","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible-modules-core/issues/5237"},{"reference_url":"https://github.com/ansible/ansible-modules-core/pull/5353","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible-modules-core/pull/5353"},{"reference_url":"https://github.com/ansible/ansible-modules-core/pull/5357","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible-modules-core/pull/5357"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-37.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-37.yaml"},{"reference_url":"https://web.archive.org/web/20200227214450/https://www.securityfocus.com/bid/94108","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227214450/https://www.securityfocus.com/bid/94108"},{"reference_url":"http://www.securityfocus.com/bid/94108","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/94108"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1388038","reference_id":"1388038","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1388038"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842984","reference_id":"842984","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842984"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-8614","reference_id":"CVE-2016-8614","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-8614"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56531?format=json","purl":"pkg:pypi/ansible@2.2.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/11417?format=json","purl":"pkg:pypi/ansible@2.2.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5p9q-7q6e-vkg8"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hd4w-ksm9-uycv"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-mj75-gu96-33ay"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-rgcg-pkhf-7ydk"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-utrp-hfpb-tygj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"},{"vulnerability":"VCID-yre5-mmmj-q3bn"},{"vulnerability":"VCID-zwrg-9mrq-effd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.2.0.0"}],"aliases":["CVE-2016-8614","GHSA-cmwx-9m2h-x7v4","PYSEC-2018-37"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j6qc-x7e6-buen"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35391?format=json","vulnerability_id":"VCID-k8a2-5yfh-j7gp","summary":"A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3744","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:3744"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3789","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:3789"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10156.json","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10156.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10156","reference_id":"","reference_type":"","scores":[{"value":"0.00589","scoring_system":"epss","scoring_elements":"0.69544","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10156"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10156","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10156"},{"reference_url":"https://github.com/advisories/GHSA-grgm-pph5-j5h7","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-grgm-pph5-j5h7"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/commit/04e94274fb92e116e9082cc9b86b1fd05c836922","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/04e94274fb92e116e9082cc9b86b1fd05c836922"},{"reference_url":"https://github.com/ansible/ansible/commit/3ff6505e8ff0e4655bab008886983476ef903375","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/3ff6505e8ff0e4655bab008886983476ef903375"},{"reference_url":"https://github.com/ansible/ansible/commit/a11c3edfa41e7e4a4db323cdabfc2eae1b61da2a","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/a11c3edfa41e7e4a4db323cdabfc2eae1b61da2a"},{"reference_url":"https://github.com/ansible/ansible/pull/57188","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/57188"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2019-2.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2019-2.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html"},{"reference_url":"https://www.debian.org/security/2021/dsa-4950","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2021/dsa-4950"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1717311","reference_id":"1717311","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1717311"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930065","reference_id":"930065","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930065"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10156","reference_id":"CVE-2019-10156","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10156"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1705","reference_id":"RHSA-2019:1705","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1705"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1706","reference_id":"RHSA-2019:1706","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1706"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1707","reference_id":"RHSA-2019:1707","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1707"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1708","reference_id":"RHSA-2019:1708","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1708"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/13923?format=json","purl":"pkg:pypi/ansible@2.6.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-frk2-9jfm-cybm"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-vxkb-9p6a-5yan"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.6.18"},{"url":"http://public2.vulnerablecode.io/api/packages/12518?format=json","purl":"pkg:pypi/ansible@2.7.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-7ben-361w-tkdr"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-frk2-9jfm-cybm"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-qztj-r7zc-jue3"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-vxkb-9p6a-5yan"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.12"},{"url":"http://public2.vulnerablecode.io/api/packages/13924?format=json","purl":"pkg:pypi/ansible@2.8.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-7ben-361w-tkdr"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-frk2-9jfm-cybm"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-qztj-r7zc-jue3"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-vxkb-9p6a-5yan"},{"vulnerability":"VCID-w1ap-atw2-qbc8"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.2"}],"aliases":["CVE-2019-10156","GHSA-grgm-pph5-j5h7","PYSEC-2019-2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k8a2-5yfh-j7gp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35519?format=json","vulnerability_id":"VCID-mbj9-3bnb-wbda","summary":"A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal. This issue is fixed in 2.10.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1737.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1737.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1737","reference_id":"","reference_type":"","scores":[{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.3588","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1737"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1737","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1737"},{"reference_url":"https://github.com/advisories/GHSA-893h-35v4-mxqx","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-893h-35v4-mxqx"},{"reference_url":"https://github.com/ansible/ansible/issues/67795","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/issues/67795"},{"reference_url":"https://github.com/ansible/ansible/pull/67799","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/67799"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-9.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-9.yaml"},{"reference_url":"https://github.com/samdoran/ansible","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/samdoran/ansible"},{"reference_url":"https://github.com/samdoran/ansible/commit/1de638b4d38d6d916588e2ad48d01f90dab8c36d","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/samdoran/ansible/commit/1de638b4d38d6d916588e2ad48d01f90dab8c36d"},{"reference_url":"https://github.com/samdoran/ansible/commit/aaf549d7870b8687209a3282841b59207735b676","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/samdoran/ansible/commit/aaf549d7870b8687209a3282841b59207735b676"},{"reference_url":"https://github.com/samdoran/ansible/commit/b60aa26e2313a8d52c0e0d3fd01696e797605b72","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/samdoran/ansible/commit/b60aa26e2313a8d52c0e0d3fd01696e797605b72"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/"},{"reference_url":"https://security.gentoo.org/glsa/202006-11","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202006-11"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1802154","reference_id":"1802154","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1802154"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1737","reference_id":"CVE-2020-1737","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1737"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1541","reference_id":"RHSA-2020:1541","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1541"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1542","reference_id":"RHSA-2020:1542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1543","reference_id":"RHSA-2020:1543","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1543"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1544","reference_id":"RHSA-2020:1544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1544"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12523?format=json","purl":"pkg:pypi/ansible@2.7.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17"},{"url":"http://public2.vulnerablecode.io/api/packages/12525?format=json","purl":"pkg:pypi/ansible@2.8.0a1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-qztj-r7zc-jue3"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w1ap-atw2-qbc8"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.0a1"},{"url":"http://public2.vulnerablecode.io/api/packages/15003?format=json","purl":"pkg:pypi/ansible@2.8.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9"},{"url":"http://public2.vulnerablecode.io/api/packages/15004?format=json","purl":"pkg:pypi/ansible@2.9.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-ptg6-bwz8-pud8"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6"}],"aliases":["CVE-2020-1737","GHSA-893h-35v4-mxqx","PYSEC-2020-9"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mbj9-3bnb-wbda"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6666?format=json","vulnerability_id":"VCID-mj75-gu96-33ay","summary":"arbitrary command execution","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-0195.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2017-0195.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-0260.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2017-0260.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0448","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:0448"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0515","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:0515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1685","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1685"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9587.json","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9587.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9587","reference_id":"","reference_type":"","scores":[{"value":"0.03045","scoring_system":"epss","scoring_elements":"0.86932","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9587"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9587","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9587"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9587","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9587"},{"reference_url":"https://github.com/advisories/GHSA-m956-frf4-m2wr","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m956-frf4-m2wr"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-39.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-39.yaml"},{"reference_url":"https://security.gentoo.org/glsa/201701-77","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-77"},{"reference_url":"https://web.archive.org/web/20170115210655/http://www.securityfocus.com/bid/95352","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170115210655/http://www.securityfocus.com/bid/95352"},{"reference_url":"https://www.exploit-db.com/exploits/41013","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/41013"},{"reference_url":"https://www.exploit-db.com/exploits/41013/","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/41013/"},{"reference_url":"http://www.securityfocus.com/bid/95352","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/95352"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1404378","reference_id":"1404378","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1404378"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850846","reference_id":"850846","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850846"},{"reference_url":"https://security.archlinux.org/AVG-137","reference_id":"AVG-137","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-137"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9587","reference_id":"CVE-2016-9587","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9587"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/41013.txt","reference_id":"CVE-2016-9587;CT-2017-0109","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/41013.txt"},{"reference_url":"https://www.computest.nl/advisories/CT-2017-0109_Ansible.txt","reference_id":"CVE-2016-9587;CT-2017-0109","reference_type":"exploit","scores":[],"url":"https://www.computest.nl/advisories/CT-2017-0109_Ansible.txt"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0195","reference_id":"RHSA-2017:0195","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0195"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0260","reference_id":"RHSA-2017:0260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0260"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/11418?format=json","purl":"pkg:pypi/ansible@2.1.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1d8u-w26v-nqfd"},{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5p9q-7q6e-vkg8"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hd4w-ksm9-uycv"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-j6qc-x7e6-buen"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-rgcg-pkhf-7ydk"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-utrp-hfpb-tygj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"},{"vulnerability":"VCID-yre5-mmmj-q3bn"},{"vulnerability":"VCID-zwrg-9mrq-effd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.1.4.0"},{"url":"http://public2.vulnerablecode.io/api/packages/11419?format=json","purl":"pkg:pypi/ansible@2.2.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5p9q-7q6e-vkg8"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hd4w-ksm9-uycv"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-utrp-hfpb-tygj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"},{"vulnerability":"VCID-yre5-mmmj-q3bn"},{"vulnerability":"VCID-zwrg-9mrq-effd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.2.1.0"}],"aliases":["CVE-2016-9587","GHSA-m956-frf4-m2wr","PYSEC-2018-39"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mj75-gu96-33ay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35508?format=json","vulnerability_id":"VCID-nb5v-58wt-87gz","summary":"Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing \" src=\" clause, (2) a trailing \" temp=\" clause, or (3) a trailing \" validate=\" clause accompanied by a shell command.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4967","reference_id":"","reference_type":"","scores":[{"value":"0.03247","scoring_system":"epss","scoring_elements":"0.87356","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4967"},{"reference_url":"https://github.com/ansible/ansible/commit/62a1295a3e08cb6c3e9f1b2a1e6e5dcaeab32527","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/62a1295a3e08cb6c3e9f1b2a1e6e5dcaeab32527"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-205.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-205.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-4967","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-4967"},{"reference_url":"http://www.ocert.org/advisories/ocert-2014-004.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ocert.org/advisories/ocert-2014-004.html"},{"reference_url":"https://security.gentoo.org/glsa/201411-09","reference_id":"GLSA-201411-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201411-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9024?format=json","purl":"pkg:pypi/ansible@1.6.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1d8u-w26v-nqfd"},{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2tq8-8hu5-juc2"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5p9q-7q6e-vkg8"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-bg46-sd2p-h7ez"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-g8tj-eaqr-myaa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hd4w-ksm9-uycv"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-j6qc-x7e6-buen"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-mj75-gu96-33ay"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-rgcg-pkhf-7ydk"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-utrp-hfpb-tygj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-yre5-mmmj-q3bn"},{"vulnerability":"VCID-zwrg-9mrq-effd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.6.7"}],"aliases":["CVE-2014-4967","GHSA-64cw-m57j-65xj","PYSEC-2020-205"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nb5v-58wt-87gz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35809?format=json","vulnerability_id":"VCID-p4p5-29r5-8qh9","summary":"A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20191.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20191.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20191","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07018","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20191"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1916813","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1916813"},{"reference_url":"https://github.com/advisories/GHSA-8f4m-hccc-8qph","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8f4m-hccc-8qph"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/commit/cc82d986c40328d4ae81298a9d287c95a6326bb0","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/cc82d986c40328d4ae81298a9d287c95a6326bb0"},{"reference_url":"https://github.com/ansible/ansible/commit/d74a1b1d1325af2a24848044cf2858987f5a3ecc","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/d74a1b1d1325af2a24848044cf2858987f5a3ecc"},{"reference_url":"https://github.com/ansible/ansible/pull/73488","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/73488"},{"reference_url":"https://github.com/ansible/ansible/pull/73489","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/73489"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-124.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-124.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985753","reference_id":"985753","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985753"},{"reference_url":"https://security.archlinux.org/ASA-202102-9","reference_id":"ASA-202102-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202102-9"},{"reference_url":"https://security.archlinux.org/AVG-1437","reference_id":"AVG-1437","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1437"},{"reference_url":"https://access.redhat.com/security/cve/cve-2021-20191","reference_id":"CVE-2021-20191","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/cve-2021-20191"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20191","reference_id":"CVE-2021-20191","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20191"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0663","reference_id":"RHSA-2021:0663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0663"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0664","reference_id":"RHSA-2021:0664","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0664"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1079","reference_id":"RHSA-2021:1079","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1079"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2180","reference_id":"RHSA-2021:2180","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2180"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18243?format=json","purl":"pkg:pypi/ansible@2.8.19rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.19rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/18244?format=json","purl":"pkg:pypi/ansible@2.8.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.19"},{"url":"http://public2.vulnerablecode.io/api/packages/18262?format=json","purl":"pkg:pypi/ansible@2.9.18rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.18rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/18263?format=json","purl":"pkg:pypi/ansible@2.9.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.18"},{"url":"http://public2.vulnerablecode.io/api/packages/22088?format=json","purl":"pkg:pypi/ansible@2.10.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hjc4-jcfm-7be5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.7"}],"aliases":["CVE-2021-20191","GHSA-8f4m-hccc-8qph","PYSEC-2021-124"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p4p5-29r5-8qh9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35509?format=json","vulnerability_id":"VCID-p7d3-epbn-b7bp","summary":"Ansible before 1.6.7 does not prevent inventory data with \"{{\" and \"lookup\" substrings, and does not prevent remote data with \"{{\" substrings, which allows remote attackers to execute arbitrary code via (1) crafted lookup('pipe') calls or (2) crafted Jinja2 data.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4966","reference_id":"","reference_type":"","scores":[{"value":"0.03742","scoring_system":"epss","scoring_elements":"0.88218","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4966"},{"reference_url":"https://github.com/ansible/ansible/commit/62a1295a3e08cb6c3e9f1b2a1e6e5dcaeab32527","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/62a1295a3e08cb6c3e9f1b2a1e6e5dcaeab32527"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-204.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-204.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-4966","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-4966"},{"reference_url":"http://www.ocert.org/advisories/ocert-2014-004.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ocert.org/advisories/ocert-2014-004.html"},{"reference_url":"https://security.gentoo.org/glsa/201411-09","reference_id":"GLSA-201411-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201411-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9024?format=json","purl":"pkg:pypi/ansible@1.6.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1d8u-w26v-nqfd"},{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2tq8-8hu5-juc2"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5p9q-7q6e-vkg8"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-bg46-sd2p-h7ez"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-g8tj-eaqr-myaa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hd4w-ksm9-uycv"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-j6qc-x7e6-buen"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-mj75-gu96-33ay"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-rgcg-pkhf-7ydk"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-utrp-hfpb-tygj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-yre5-mmmj-q3bn"},{"vulnerability":"VCID-zwrg-9mrq-effd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.6.7"}],"aliases":["CVE-2014-4966","GHSA-wqq5-c89p-3wc3","PYSEC-2020-204"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p7d3-epbn-b7bp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35808?format=json","vulnerability_id":"VCID-pqj1-u787-g3aj","summary":"A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20178.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20178.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20178","reference_id":"","reference_type":"","scores":[{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08367","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20178"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1914774","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1914774"},{"reference_url":"https://github.com/advisories/GHSA-wv5p-gmmv-wh9v","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wv5p-gmmv-wh9v"},{"reference_url":"https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes"},{"reference_url":"https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes,","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes,"},{"reference_url":"https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes%2C","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes%2C"},{"reference_url":"https://github.com/ansible-collections/community.general/commit/1d0c5e2ba47724c31a18d7b08b9daf13df8829dc","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible-collections/community.general/commit/1d0c5e2ba47724c31a18d7b08b9daf13df8829dc"},{"reference_url":"https://github.com/ansible-collections/community.general/pull/1635","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible-collections/community.general/pull/1635"},{"reference_url":"https://github.com/ansible-collections/community.general/pull/1635,","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible-collections/community.general/pull/1635,"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-106.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-106.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985753","reference_id":"985753","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985753"},{"reference_url":"https://security.archlinux.org/ASA-202102-9","reference_id":"ASA-202102-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202102-9"},{"reference_url":"https://security.archlinux.org/AVG-1437","reference_id":"AVG-1437","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1437"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20178","reference_id":"CVE-2021-20178","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20178"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0663","reference_id":"RHSA-2021:0663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0663"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0664","reference_id":"RHSA-2021:0664","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0664"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1079","reference_id":"RHSA-2021:1079","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1079"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2180","reference_id":"RHSA-2021:2180","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2180"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18263?format=json","purl":"pkg:pypi/ansible@2.9.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.18"}],"aliases":["CVE-2021-20178","GHSA-wv5p-gmmv-wh9v","PYSEC-2021-106"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pqj1-u787-g3aj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34810?format=json","vulnerability_id":"VCID-qf21-vknb-7kdg","summary":"lib/ansible/playbook/__init__.py in Ansible 1.2.x before 1.2.3, when playbook does not run due to an error, allows local users to overwrite arbitrary files via a symlink attack on a retry file with a predictable name in /var/tmp/ansible/.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4260","reference_id":"","reference_type":"","scores":[{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24144","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4260"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=998227","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=998227"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86898","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86898"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/commit/d5948d59fc863fcec6efa62fa2791928ffc5a6d1","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/d5948d59fc863fcec6efa62fa2791928ffc5a6d1"},{"reference_url":"https://github.com/ansible/ansible/commit/ed3e4aff84fb32005d8e91dbf0fd7b134a482486","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/commit/ed3e4aff84fb32005d8e91dbf0fd7b134a482486"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2013-2.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2013-2.yaml"},{"reference_url":"https://groups.google.com/forum/#%21topic/ansible-project/UVDYW0HGcNg","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#%21topic/ansible-project/UVDYW0HGcNg"},{"reference_url":"https://groups.google.com/forum/#!topic/ansible-project/UVDYW0HGcNg","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/ansible-project/UVDYW0HGcNg"},{"reference_url":"http://www.ansible.com/security","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ansible.com/security"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4260","reference_id":"CVE-2013-4260","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4260"},{"reference_url":"https://github.com/advisories/GHSA-pcqv-c46v-2p4v","reference_id":"GHSA-pcqv-c46v-2p4v","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-pcqv-c46v-2p4v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7650?format=json","purl":"pkg:pypi/ansible@1.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1d8u-w26v-nqfd"},{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2tq8-8hu5-juc2"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5p9q-7q6e-vkg8"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-7skd-9hpb-dbhj"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-9pwe-zdc3-sbcu"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-bg46-sd2p-h7ez"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-g8tj-eaqr-myaa"},{"vulnerability":"VCID-gg28-jm4a-1ue9"},{"vulnerability":"VCID-ghxm-6brq-bqc9"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gmbu-guk2-r7dg"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hd4w-ksm9-uycv"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-j6qc-x7e6-buen"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-mj75-gu96-33ay"},{"vulnerability":"VCID-nb5v-58wt-87gz"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-p7d3-epbn-b7bp"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-rgcg-pkhf-7ydk"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-tuhu-e8gj-rbbg"},{"vulnerability":"VCID-utrp-hfpb-tygj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-yre5-mmmj-q3bn"},{"vulnerability":"VCID-yt5j-unv8-yudk"},{"vulnerability":"VCID-zwrg-9mrq-effd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/9000?format=json","purl":"pkg:pypi/ansible@1.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1d8u-w26v-nqfd"},{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2tq8-8hu5-juc2"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5p9q-7q6e-vkg8"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-7skd-9hpb-dbhj"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-9pwe-zdc3-sbcu"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-bg46-sd2p-h7ez"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-g8tj-eaqr-myaa"},{"vulnerability":"VCID-gg28-jm4a-1ue9"},{"vulnerability":"VCID-ghxm-6brq-bqc9"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gmbu-guk2-r7dg"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hd4w-ksm9-uycv"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-j6qc-x7e6-buen"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-mj75-gu96-33ay"},{"vulnerability":"VCID-nb5v-58wt-87gz"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-p7d3-epbn-b7bp"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-rgcg-pkhf-7ydk"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-tuhu-e8gj-rbbg"},{"vulnerability":"VCID-utrp-hfpb-tygj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-yre5-mmmj-q3bn"},{"vulnerability":"VCID-yt5j-unv8-yudk"},{"vulnerability":"VCID-zwrg-9mrq-effd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.3.0"}],"aliases":["CVE-2013-4260","GHSA-pcqv-c46v-2p4v","PYSEC-2013-2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qf21-vknb-7kdg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35239?format=json","vulnerability_id":"VCID-rgcg-pkhf-7ydk","summary":"An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances. Thus the previous password would still be active when it should have been changed.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1685","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1685"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8647.json","reference_id":"","reference_type":"","scores":[{"value":"2.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8647.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2016-8647","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2016-8647"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8647","reference_id":"","reference_type":"","scores":[{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.39909","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8647"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1396174","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1396174"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8647","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8647"},{"reference_url":"https://github.com/advisories/GHSA-x4cm-m36h-c6qj","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x4cm-m36h-c6qj"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible-modules-core/commit/30fb384e7fb9a94ac3929e4a650877e45d8834c9","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible-modules-core/commit/30fb384e7fb9a94ac3929e4a650877e45d8834c9"},{"reference_url":"https://github.com/ansible/ansible-modules-core/pull/5388","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible-modules-core/pull/5388"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-58.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-58.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844691","reference_id":"844691","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844691"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-8647","reference_id":"CVE-2016-8647","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-8647"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/11419?format=json","purl":"pkg:pypi/ansible@2.2.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5p9q-7q6e-vkg8"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hd4w-ksm9-uycv"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-utrp-hfpb-tygj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"},{"vulnerability":"VCID-yre5-mmmj-q3bn"},{"vulnerability":"VCID-zwrg-9mrq-effd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.2.1.0"}],"aliases":["CVE-2016-8647","GHSA-x4cm-m36h-c6qj","PYSEC-2018-58"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rgcg-pkhf-7ydk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35531?format=json","vulnerability_id":"VCID-subj-aje2-93bk","summary":"A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1738.json","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1738.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1738","reference_id":"","reference_type":"","scores":[{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44074","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1738"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1738","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L"},{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1738"},{"reference_url":"https://github.com/advisories/GHSA-f85h-23mf-2fwh","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L"},{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f85h-23mf-2fwh"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L"},{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/issues/67796","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L"},{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/issues/67796"},{"reference_url":"https://github.com/ansible/ansible/pull/67808","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L"},{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/67808"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-10.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L"},{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-10.yaml"},{"reference_url":"https://security.gentoo.org/glsa/202006-11","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L"},{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202006-11"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1802164","reference_id":"1802164","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1802164"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1738","reference_id":"CVE-2020-1738","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L"},{"value":"1.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1738"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12523?format=json","purl":"pkg:pypi/ansible@2.7.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17"},{"url":"http://public2.vulnerablecode.io/api/packages/12525?format=json","purl":"pkg:pypi/ansible@2.8.0a1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-qztj-r7zc-jue3"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w1ap-atw2-qbc8"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.0a1"},{"url":"http://public2.vulnerablecode.io/api/packages/15003?format=json","purl":"pkg:pypi/ansible@2.8.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9"},{"url":"http://public2.vulnerablecode.io/api/packages/15004?format=json","purl":"pkg:pypi/ansible@2.9.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-ptg6-bwz8-pud8"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6"}],"aliases":["CVE-2020-1738","GHSA-f85h-23mf-2fwh","PYSEC-2020-10"],"risk_score":1.8,"exploitability":"0.5","weighted_severity":"3.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-subj-aje2-93bk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35514?format=json","vulnerability_id":"VCID-tuhu-e8gj-rbbg","summary":"The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4657.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4657.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4657","reference_id":"","reference_type":"","scores":[{"value":"0.03071","scoring_system":"epss","scoring_elements":"0.86995","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4657"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md"},{"reference_url":"https://github.com/ansible/ansible/commit/998793fd0ab55705d57527a38cee5e83f535974c","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/998793fd0ab55705d57527a38cee5e83f535974c"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-199.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-199.yaml"},{"reference_url":"https://web.archive.org/web/20210120133852/https://www.securityfocus.com/bid/68232","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210120133852/https://www.securityfocus.com/bid/68232"},{"reference_url":"https://www.securityfocus.com/bid/68232","reference_id":"","reference_type":"","scores":[],"url":"https://www.securityfocus.com/bid/68232"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1831263","reference_id":"1831263","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1831263"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-4657","reference_id":"CVE-2014-4657","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-4657"},{"reference_url":"https://security.gentoo.org/glsa/201411-09","reference_id":"GLSA-201411-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201411-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9015?format=json","purl":"pkg:pypi/ansible@1.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1d8u-w26v-nqfd"},{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2tq8-8hu5-juc2"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5p9q-7q6e-vkg8"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-7skd-9hpb-dbhj"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-9pwe-zdc3-sbcu"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-bg46-sd2p-h7ez"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-g8tj-eaqr-myaa"},{"vulnerability":"VCID-gg28-jm4a-1ue9"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gmbu-guk2-r7dg"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hd4w-ksm9-uycv"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-j6qc-x7e6-buen"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-mj75-gu96-33ay"},{"vulnerability":"VCID-nb5v-58wt-87gz"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-p7d3-epbn-b7bp"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-rgcg-pkhf-7ydk"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-utrp-hfpb-tygj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-yre5-mmmj-q3bn"},{"vulnerability":"VCID-yt5j-unv8-yudk"},{"vulnerability":"VCID-zwrg-9mrq-effd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.5.4"}],"aliases":["CVE-2014-4657","GHSA-qg47-5px9-32g7","PYSEC-2020-199"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tuhu-e8gj-rbbg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35233?format=json","vulnerability_id":"VCID-utrp-hfpb-tygj","summary":"Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as 'unsafe' and is not evaluated.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1244","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1244"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1334","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1334"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1476","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1476"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1499","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1499"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1599","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1599"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2524","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:2524"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7481.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7481.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7481","reference_id":"","reference_type":"","scores":[{"value":"0.04313","scoring_system":"epss","scoring_elements":"0.89078","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7481"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7481","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7481"},{"reference_url":"https://github.com/advisories/GHSA-w578-j992-554x","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-w578-j992-554x"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/commit/a1886911fcf4b691130cfc70dfc5daa5e07c46a3","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/a1886911fcf4b691130cfc70dfc5daa5e07c46a3"},{"reference_url":"https://github.com/ansible/ansible/commit/ed56f51f185a1ffd7ea57130d260098686fcc7c2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/ed56f51f185a1ffd7ea57130d260098686fcc7c2"},{"reference_url":"https://github.com/ansible/ansible/commit/f0e348f5eeb70c1fb3127d90891da43b5c0a9d29","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/f0e348f5eeb70c1fb3127d90891da43b5c0a9d29"},{"reference_url":"https://github.com/ansible/ansible/commit/fd30f5328986f9e1da434474481f32bf918a600c","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/fd30f5328986f9e1da434474481f32bf918a600c"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-41.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-41.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html"},{"reference_url":"https://usn.ubuntu.com/4072-1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4072-1"},{"reference_url":"https://usn.ubuntu.com/4072-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4072-1/"},{"reference_url":"https://web.archive.org/web/20170801122609/http://www.securityfocus.com/bid/98492","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170801122609/http://www.securityfocus.com/bid/98492"},{"reference_url":"http://www.securityfocus.com/bid/98492","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/98492"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1450018","reference_id":"1450018","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1450018"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862666","reference_id":"862666","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862666"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7481","reference_id":"CVE-2017-7481","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7481"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/11490?format=json","purl":"pkg:pypi/ansible@2.1.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1d8u-w26v-nqfd"},{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5p9q-7q6e-vkg8"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hd4w-ksm9-uycv"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-j6qc-x7e6-buen"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-rgcg-pkhf-7ydk"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-utrp-hfpb-tygj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"},{"vulnerability":"VCID-yre5-mmmj-q3bn"},{"vulnerability":"VCID-zwrg-9mrq-effd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.1.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/11492?format=json","purl":"pkg:pypi/ansible@2.2.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5p9q-7q6e-vkg8"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hd4w-ksm9-uycv"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-utrp-hfpb-tygj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"},{"vulnerability":"VCID-yre5-mmmj-q3bn"},{"vulnerability":"VCID-zwrg-9mrq-effd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.2.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/10565?format=json","purl":"pkg:pypi/ansible@2.3.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5p9q-7q6e-vkg8"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pm6p-9arz-7ygs"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"},{"vulnerability":"VCID-yre5-mmmj-q3bn"},{"vulnerability":"VCID-zwrg-9mrq-effd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.3.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/10567?format=json","purl":"pkg:pypi/ansible@2.4.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5cgu-g45y-q3cj"},{"vulnerability":"VCID-5p9q-7q6e-vkg8"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-mfvw-qzb9-8bax"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pm6p-9arz-7ygs"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-x99c-b7ve-hkdj"},{"vulnerability":"VCID-ykkx-swgs-vybn"},{"vulnerability":"VCID-yre5-mmmj-q3bn"},{"vulnerability":"VCID-zwrg-9mrq-effd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.4.0.0"}],"aliases":["CVE-2017-7481","GHSA-w578-j992-554x","PYSEC-2018-41"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-utrp-hfpb-tygj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35617?format=json","vulnerability_id":"VCID-vhxq-1hqq-77bx","summary":"An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14330.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14330.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14330","reference_id":"","reference_type":"","scores":[{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.4438","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14330"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14330","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14330"},{"reference_url":"https://github.com/advisories/GHSA-785x-qw4v-6872","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-785x-qw4v-6872"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/commit/e0f25a2b1f9e6c21f751ba0ed2dc2eee2152983e","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/e0f25a2b1f9e6c21f751ba0ed2dc2eee2152983e"},{"reference_url":"https://github.com/ansible/ansible/issues/68400","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/issues/68400"},{"reference_url":"https://github.com/ansible/ansible/pull/69653","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/69653"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-3.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-3.yaml"},{"reference_url":"https://www.debian.org/security/2021/dsa-4950","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2021/dsa-4950"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1856815","reference_id":"1856815","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1856815"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14330","reference_id":"CVE-2020-14330","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14330"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3600","reference_id":"RHSA-2020:3600","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3600"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18235?format=json","purl":"pkg:pypi/ansible@2.9.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.12"},{"url":"http://public2.vulnerablecode.io/api/packages/18294?format=json","purl":"pkg:pypi/ansible@2.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.0"}],"aliases":["CVE-2020-14330","GHSA-785x-qw4v-6872","PYSEC-2020-3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vhxq-1hqq-77bx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35607?format=json","vulnerability_id":"VCID-vsv2-4d8c-m3g1","summary":"A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14904.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14904.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14904","reference_id":"","reference_type":"","scores":[{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11271","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14904"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1776944","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1776944"},{"reference_url":"https://github.com/advisories/GHSA-gwr8-5j83-483c","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gwr8-5j83-483c"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/commit/589a415f887b6f2bb65cd07fe6b2e9d0a8156b69","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/589a415f887b6f2bb65cd07fe6b2e9d0a8156b69"},{"reference_url":"https://github.com/ansible/ansible/commit/6a86650109b8654f5898369e45d3857624edf907","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/6a86650109b8654f5898369e45d3857624edf907"},{"reference_url":"https://github.com/ansible/ansible/commit/a1b0f72c98b4b2afaab8aafa255e82c2075049c8","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/a1b0f72c98b4b2afaab8aafa255e82c2075049c8"},{"reference_url":"https://github.com/ansible/ansible/pull/65686","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/65686"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-161.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-161.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html"},{"reference_url":"https://www.debian.org/security/2021/dsa-4950","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2021/dsa-4950"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14904","reference_id":"CVE-2019-14904","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14904"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0215","reference_id":"RHSA-2020:0215","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0215"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0217","reference_id":"RHSA-2020:0217","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0217"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12521?format=json","purl":"pkg:pypi/ansible@2.7.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-7ben-361w-tkdr"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-qztj-r7zc-jue3"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.15"},{"url":"http://public2.vulnerablecode.io/api/packages/12522?format=json","purl":"pkg:pypi/ansible@2.7.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.16"},{"url":"http://public2.vulnerablecode.io/api/packages/14785?format=json","purl":"pkg:pypi/ansible@2.8.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-7ben-361w-tkdr"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-qztj-r7zc-jue3"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.7"},{"url":"http://public2.vulnerablecode.io/api/packages/14998?format=json","purl":"pkg:pypi/ansible@2.8.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.8"},{"url":"http://public2.vulnerablecode.io/api/packages/14999?format=json","purl":"pkg:pypi/ansible@2.9.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-ptg6-bwz8-pud8"},{"vulnerability":"VCID-qztj-r7zc-jue3"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.2"},{"url":"http://public2.vulnerablecode.io/api/packages/15000?format=json","purl":"pkg:pypi/ansible@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-ptg6-bwz8-pud8"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.3"}],"aliases":["CVE-2019-14904","GHSA-gwr8-5j83-483c","PYSEC-2020-161"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vsv2-4d8c-m3g1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35516?format=json","vulnerability_id":"VCID-x4mr-vrp9-ufg6","summary":"A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.","references":[{"reference_url":"https://access.redhat.com/errata/RHBA-2020:0547","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHBA-2020:0547"},{"reference_url":"https://access.redhat.com/errata/RHBA-2020:1539","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHBA-2020:1539"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1734.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1734.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1734","reference_id":"","reference_type":"","scores":[{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24218","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1734"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1801804","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1801804"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1734","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1734"},{"reference_url":"https://github.com/advisories/GHSA-h39q-95q5-9jfp","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h39q-95q5-9jfp"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/commit/4f978af4ca16ad9828ffe42203b9615425195f8b","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/4f978af4ca16ad9828ffe42203b9615425195f8b"},{"reference_url":"https://github.com/ansible/ansible/commit/963bdd9983b91a48fb6949fb2ef41071e72d0be0","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/963bdd9983b91a48fb6949fb2ef41071e72d0be0"},{"reference_url":"https://github.com/ansible/ansible/commit/bff0724e9eab2770f874e018298f9ab74cc2a78f","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/bff0724e9eab2770f874e018298f9ab74cc2a78f"},{"reference_url":"https://github.com/ansible/ansible/commit/e5649ca3e807f17e7c034ee22791f107162973b0","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/e5649ca3e807f17e7c034ee22791f107162973b0"},{"reference_url":"https://github.com/ansible/ansible/issues/67792","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/issues/67792"},{"reference_url":"https://github.com/ansible/ansible/issues/70159","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/issues/70159"},{"reference_url":"https://github.com/ansible/ansible/pull/70596","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/70596"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-6.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-6.yaml"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2020-1734","reference_id":"CVE-2020-1734","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2020-1734"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1734","reference_id":"CVE-2020-1734","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1734"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12523?format=json","purl":"pkg:pypi/ansible@2.7.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17"},{"url":"http://public2.vulnerablecode.io/api/packages/15577?format=json","purl":"pkg:pypi/ansible@2.8.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.13"},{"url":"http://public2.vulnerablecode.io/api/packages/18233?format=json","purl":"pkg:pypi/ansible@2.9.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.11"},{"url":"http://public2.vulnerablecode.io/api/packages/18293?format=json","purl":"pkg:pypi/ansible@2.10.0rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.0rc1"}],"aliases":["CVE-2020-1734","GHSA-h39q-95q5-9jfp","PYSEC-2020-6"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x4mr-vrp9-ufg6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35275?format=json","vulnerability_id":"VCID-yre5-mmmj-q3bn","summary":"Ansible \"User\" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executable. Showing those credentials in clear text form for every user which have access just to the process list.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3460","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3460"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3461","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3462","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3463","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3463"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3505","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3505"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16837.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16837.json"},{"reference_url":"https://access.redhat.com/security/cve/cve-2018-16837","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/cve-2018-16837"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16837","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06965","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16837"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16837","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16837"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/blob/c963ef1dfbf73efea5106624eb48b346f01eaefd/changelogs/CHANGELOG-v2.7.rst?plain=1#L138","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/blob/c963ef1dfbf73efea5106624eb48b346f01eaefd/changelogs/CHANGELOG-v2.7.rst?plain=1#L138"},{"reference_url":"https://github.com/ansible/ansible/blob/stable-2.5/changelogs/CHANGELOG-v2.5.rst#v2511","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/blob/stable-2.5/changelogs/CHANGELOG-v2.5.rst#v2511"},{"reference_url":"https://github.com/ansible/ansible/blob/stable-2.6/changelogs/CHANGELOG-v2.6.rst#v267","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/blob/stable-2.6/changelogs/CHANGELOG-v2.6.rst#v267"},{"reference_url":"https://github.com/ansible/ansible/blob/stable-2.7/changelogs/CHANGELOG-v2.7.rst#v2-7-1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/blob/stable-2.7/changelogs/CHANGELOG-v2.7.rst#v2-7-1"},{"reference_url":"https://github.com/ansible/ansible/commit/77928e6c3a2ad878b20312ce5d74d9d7741e0df0","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/77928e6c3a2ad878b20312ce5d74d9d7741e0df0"},{"reference_url":"https://github.com/ansible/ansible/commit/a0aa53d1a1d6075a7ae98ace138712ee6cb45ae4","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/commit/a0aa53d1a1d6075a7ae98ace138712ee6cb45ae4"},{"reference_url":"https://github.com/ansible/ansible/commit/b618339c321c387230d3ea523e80ad47af3de5cf","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/b618339c321c387230d3ea523e80ad47af3de5cf"},{"reference_url":"https://github.com/ansible/ansible/commit/f50cc0b8cb399bb7b7c1ad23b94c9404f0cc6d23","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/f50cc0b8cb399bb7b7c1ad23b94c9404f0cc6d23"},{"reference_url":"https://github.com/ansible/ansible/pull/47436","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/47436"},{"reference_url":"https://github.com/ansible/ansible/pull/47445","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/47445"},{"reference_url":"https://github.com/ansible/ansible/pull/47486","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/47486"},{"reference_url":"https://github.com/ansible/ansible/pull/47487","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/47487"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-44.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-44.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/11/msg00012.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/11/msg00012.html"},{"reference_url":"https://usn.ubuntu.com/4072-1","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4072-1"},{"reference_url":"https://usn.ubuntu.com/4072-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4072-1/"},{"reference_url":"https://web.archive.org/web/20200227105539/http://www.securityfocus.com/bid/105700","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227105539/http://www.securityfocus.com/bid/105700"},{"reference_url":"https://www.debian.org/security/2019/dsa-4396","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4396"},{"reference_url":"http://www.securityfocus.com/bid/105700","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/105700"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1640642","reference_id":"1640642","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1640642"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912297","reference_id":"912297","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912297"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16837","reference_id":"CVE-2018-16837","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16837"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9241?format=json","purl":"pkg:pypi/ansible@2.0.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1d8u-w26v-nqfd"},{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5p9q-7q6e-vkg8"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-g8tj-eaqr-myaa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hd4w-ksm9-uycv"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-j6qc-x7e6-buen"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-mj75-gu96-33ay"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-rgcg-pkhf-7ydk"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-utrp-hfpb-tygj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"},{"vulnerability":"VCID-yre5-mmmj-q3bn"},{"vulnerability":"VCID-zwrg-9mrq-effd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.0.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/12357?format=json","purl":"pkg:pypi/ansible@2.5.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5p9q-7q6e-vkg8"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-v5kk-umvk-6fgg"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.5.11"},{"url":"http://public2.vulnerablecode.io/api/packages/12356?format=json","purl":"pkg:pypi/ansible@2.6.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5p9q-7q6e-vkg8"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-frk2-9jfm-cybm"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-v5kk-umvk-6fgg"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-vxkb-9p6a-5yan"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.6.7"},{"url":"http://public2.vulnerablecode.io/api/packages/12355?format=json","purl":"pkg:pypi/ansible@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5p9q-7q6e-vkg8"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-7ben-361w-tkdr"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-frk2-9jfm-cybm"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-qztj-r7zc-jue3"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-v5kk-umvk-6fgg"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-vxkb-9p6a-5yan"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.1"}],"aliases":["CVE-2018-16837","GHSA-hwrm-63v2-42g4","PYSEC-2018-44"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yre5-mmmj-q3bn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35511?format=json","vulnerability_id":"VCID-yt5j-unv8-yudk","summary":"The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4678.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4678.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4678","reference_id":"","reference_type":"","scores":[{"value":"0.10105","scoring_system":"epss","scoring_elements":"0.93225","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4678"},{"reference_url":"https://github.com/ansible/ansible/commit/5429b85b9f6c2e640074176f36ff05fd5e4d1916","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/5429b85b9f6c2e640074176f36ff05fd5e4d1916"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-203.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-203.yaml"},{"reference_url":"https://groups.google.com/forum/message/raw?msg=ansible-announce/ieV1vZvcTXU/5Q93ThkY9rIJ","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/message/raw?msg=ansible-announce/ieV1vZvcTXU/5Q93ThkY9rIJ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-4678","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-4678"},{"reference_url":"https://security-tracker.debian.org/tracker/CVE-2014-4678","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security-tracker.debian.org/tracker/CVE-2014-4678"},{"reference_url":"https://www.openwall.com/lists/oss-security/2014/06/26/30","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2014/06/26/30"},{"reference_url":"https://www.openwall.com/lists/oss-security/2014/07/02/2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2014/07/02/2"},{"reference_url":"https://www.rapid7.com/db/vulnerabilities/freebsd-vid-2c493ac8-205e-11e5-a4a5-002590263bf5","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.rapid7.com/db/vulnerabilities/freebsd-vid-2c493ac8-205e-11e5-a4a5-002590263bf5"},{"reference_url":"https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2014-4678","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2014-4678"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1828684","reference_id":"1828684","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1828684"},{"reference_url":"https://security.gentoo.org/glsa/201411-09","reference_id":"GLSA-201411-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201411-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9021?format=json","purl":"pkg:pypi/ansible@1.6.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1d8u-w26v-nqfd"},{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2tq8-8hu5-juc2"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5p9q-7q6e-vkg8"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-7skd-9hpb-dbhj"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-bg46-sd2p-h7ez"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-g8tj-eaqr-myaa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hd4w-ksm9-uycv"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-j6qc-x7e6-buen"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-mj75-gu96-33ay"},{"vulnerability":"VCID-nb5v-58wt-87gz"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-p7d3-epbn-b7bp"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-rgcg-pkhf-7ydk"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-utrp-hfpb-tygj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-yre5-mmmj-q3bn"},{"vulnerability":"VCID-zwrg-9mrq-effd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.6.4"}],"aliases":["CVE-2014-4678","GHSA-66c7-5pwv-mm3j","PYSEC-2020-203"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yt5j-unv8-yudk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35224?format=json","vulnerability_id":"VCID-zwrg-9mrq-effd","summary":"In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result.","references":[{"reference_url":"https://access.redhat.com/errata/RHBA-2018:3788","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHBA-2018:3788"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2150","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:2150"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2151","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:2151"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2152","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:2152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2166","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:2166"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2321","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:2321"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2585","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:2585"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0054","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:0054"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10874.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10874.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2018-10874","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2018-10874"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10874","reference_id":"","reference_type":"","scores":[{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.16048","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10874"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10874","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10874"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/commit/10d6fe6c98cfee9a7be0fea6102ba5dec951aec7","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/10d6fe6c98cfee9a7be0fea6102ba5dec951aec7"},{"reference_url":"https://github.com/ansible/ansible/commit/1f80949f964a946773f9d3ac1899535bd2cc2b8e","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/1f80949f964a946773f9d3ac1899535bd2cc2b8e"},{"reference_url":"https://github.com/ansible/ansible/commit/44874addc7ea136f83c67d5869047ece02645fdb","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/commit/44874addc7ea136f83c67d5869047ece02645fdb"},{"reference_url":"https://github.com/ansible/ansible/pull/42067","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ansible/ansible/pull/42067"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-81.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-81.yaml"},{"reference_url":"https://usn.ubuntu.com/4072-1","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4072-1"},{"reference_url":"https://usn.ubuntu.com/4072-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4072-1/"},{"reference_url":"https://web.archive.org/web/20201130165946/http://www.securitytracker.com/id/1041396","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20201130165946/http://www.securitytracker.com/id/1041396"},{"reference_url":"http://www.securitytracker.com/id/1041396","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1041396"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1596528","reference_id":"1596528","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1596528"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-10874","reference_id":"CVE-2018-10874","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-10874"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9241?format=json","purl":"pkg:pypi/ansible@2.0.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1d8u-w26v-nqfd"},{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5p9q-7q6e-vkg8"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-g8tj-eaqr-myaa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hd4w-ksm9-uycv"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-j6qc-x7e6-buen"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-mj75-gu96-33ay"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-rgcg-pkhf-7ydk"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-utrp-hfpb-tygj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"},{"vulnerability":"VCID-yre5-mmmj-q3bn"},{"vulnerability":"VCID-zwrg-9mrq-effd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.0.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/11585?format=json","purl":"pkg:pypi/ansible@2.4.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5p9q-7q6e-vkg8"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-x99c-b7ve-hkdj"},{"vulnerability":"VCID-ykkx-swgs-vybn"},{"vulnerability":"VCID-yre5-mmmj-q3bn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/11586?format=json","purl":"pkg:pypi/ansible@2.5.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5p9q-7q6e-vkg8"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-v5kk-umvk-6fgg"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-x99c-b7ve-hkdj"},{"vulnerability":"VCID-ykkx-swgs-vybn"},{"vulnerability":"VCID-yre5-mmmj-q3bn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.5.6"},{"url":"http://public2.vulnerablecode.io/api/packages/11587?format=json","purl":"pkg:pypi/ansible@2.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5p9q-7q6e-vkg8"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-frk2-9jfm-cybm"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-v5kk-umvk-6fgg"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-vxkb-9p6a-5yan"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"},{"vulnerability":"VCID-yre5-mmmj-q3bn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.6.1"}],"aliases":["CVE-2018-10874","GHSA-3xvg-x47j-x75w","PYSEC-2018-81"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zwrg-9mrq-effd"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35765?format=json","vulnerability_id":"VCID-n7t5-dzkt-rbh8","summary":"A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the no_log feature. An attacker can take advantage of this information to steal those credentials, provided when they have access to the log files containing them. The highest threat from this vulnerability is to data confidentiality. This flaw affects Red Hat Ansible Automation Platform in versions before 1.2.2 and Ansible Tower in versions before 3.8.2.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3447.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3447.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3447","reference_id":"","reference_type":"","scores":[{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.21975","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3447"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1939349","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1939349"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MS4VPUYVLGSAKOX26IT52BSMEZRZ3KS/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MS4VPUYVLGSAKOX26IT52BSMEZRZ3KS/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBZ75MAMVQVZROPYHMRDQKPPVASP63DG/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBZ75MAMVQVZROPYHMRDQKPPVASP63DG/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RUTGO4RS4ZXZSPBU2CHVPT75IAFVTTL3/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RUTGO4RS4ZXZSPBU2CHVPT75IAFVTTL3/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014721","reference_id":"1014721","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014721"},{"reference_url":"https://security.archlinux.org/AVG-1702","reference_id":"AVG-1702","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1702"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3447","reference_id":"CVE-2021-3447","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3447"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1079","reference_id":"RHSA-2021:1079","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1079"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1342","reference_id":"RHSA-2021:1342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1343","reference_id":"RHSA-2021:1343","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1343"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2736","reference_id":"RHSA-2021:2736","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2736"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2866","reference_id":"RHSA-2021:2866","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2866"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7649?format=json","purl":"pkg:pypi/ansible@1.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1d8u-w26v-nqfd"},{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2tq8-8hu5-juc2"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5p9q-7q6e-vkg8"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-7skd-9hpb-dbhj"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-9pwe-zdc3-sbcu"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-bg46-sd2p-h7ez"},{"vulnerability":"VCID-bwsk-15wb-jkfz"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-g8tj-eaqr-myaa"},{"vulnerability":"VCID-gg28-jm4a-1ue9"},{"vulnerability":"VCID-ghxm-6brq-bqc9"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gmbu-guk2-r7dg"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hd4w-ksm9-uycv"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-j6qc-x7e6-buen"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-mj75-gu96-33ay"},{"vulnerability":"VCID-nb5v-58wt-87gz"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-p7d3-epbn-b7bp"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-qf21-vknb-7kdg"},{"vulnerability":"VCID-rgcg-pkhf-7ydk"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-tuhu-e8gj-rbbg"},{"vulnerability":"VCID-utrp-hfpb-tygj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-yre5-mmmj-q3bn"},{"vulnerability":"VCID-yt5j-unv8-yudk"},{"vulnerability":"VCID-zwrg-9mrq-effd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.2.2"}],"aliases":["CVE-2021-3447","PYSEC-2021-107"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n7t5-dzkt-rbh8"}],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.2.2"}