{"url":"http://public2.vulnerablecode.io/api/packages/9021?format=json","purl":"pkg:pypi/ansible@1.6.4","type":"pypi","namespace":"","name":"ansible","version":"1.6.4","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.9.6.1","latest_non_vulnerable_version":"12.0.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35242?format=json","vulnerability_id":"VCID-1d8u-w26v-nqfd","summary":"Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2778","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2778"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8628","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8628"},{"reference_url":"https://github.com/advisories/GHSA-jg4f-jqm5-4mgq","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-jg4f-jqm5-4mgq"},{"reference_url":"http://www.securityfocus.com/bid/94109","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/94109"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-8628","reference_id":"CVE-2016-8628","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-8628"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56531?format=json","purl":"pkg:pypi/ansible@2.2.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/11417?format=json","purl":"pkg:pypi/ansible@2.2.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hd4w-ksm9-uycv"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-mj75-gu96-33ay"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-rgcg-pkhf-7ydk"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-utrp-hfpb-tygj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"},{"vulnerability":"VCID-yre5-mmmj-q3bn"},{"vulnerability":"VCID-zwrg-9mrq-effd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.2.0.0"}],"aliases":["CVE-2016-8628","GHSA-jg4f-jqm5-4mgq","PYSEC-2018-38"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1d8u-w26v-nqfd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35418?format=json","vulnerability_id":"VCID-1sty-hqbq-63hy","summary":"In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3201","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3201"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3202","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3202"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3203","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3203"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3207","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3207"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0756","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0756"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14846","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14846"},{"reference_url":"https://github.com/ansible/ansible/pull/63366","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/pull/63366"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/14349?format=json","purl":"pkg:pypi/ansible@2.6.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.6.20"},{"url":"http://public2.vulnerablecode.io/api/packages/12520?format=json","purl":"pkg:pypi/ansible@2.7.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-7ben-361w-tkdr"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-qztj-r7zc-jue3"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.14"},{"url":"http://public2.vulnerablecode.io/api/packages/14350?format=json","purl":"pkg:pypi/ansible@2.8.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-7ben-361w-tkdr"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-qztj-r7zc-jue3"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.6"}],"aliases":["CVE-2019-14846","PYSEC-2019-4"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1sty-hqbq-63hy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35060?format=json","vulnerability_id":"VCID-2tq8-8hu5-juc2","summary":"The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack.","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1243468","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1243468"},{"reference_url":"https://github.com/ansible/ansible/blob/devel/CHANGELOG.md#192-dancing-in-the-street---jun-26-2015","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/blob/devel/CHANGELOG.md#192-dancing-in-the-street---jun-26-2015"},{"reference_url":"https://github.com/ansible/ansible/commit/952166f48eb0f5797b75b160fd156bbe1e8fc647","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/commit/952166f48eb0f5797b75b160fd156bbe1e8fc647"},{"reference_url":"https://github.com/ansible/ansible/commit/ca2f2c4ebd7b5e097eab0a710f79c1f63badf95b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/commit/ca2f2c4ebd7b5e097eab0a710f79c1f63badf95b"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html"},{"reference_url":"http://www.ansible.com/security","reference_id":"","reference_type":"","scores":[],"url":"http://www.ansible.com/security"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/08/17/10","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2015/08/17/10"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9039?format=json","purl":"pkg:pypi/ansible@1.9.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1d8u-w26v-nqfd"},{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-g8tj-eaqr-myaa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hd4w-ksm9-uycv"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-j6qc-x7e6-buen"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-mj75-gu96-33ay"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-rgcg-pkhf-7ydk"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-utrp-hfpb-tygj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-yre5-mmmj-q3bn"},{"vulnerability":"VCID-zwrg-9mrq-effd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.9.2"}],"aliases":["CVE-2015-6240","PYSEC-2017-3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2tq8-8hu5-juc2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35532?format=json","vulnerability_id":"VCID-2z4k-r21v-rfgx","summary":"A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This could lead to the disclosure of sensitive data. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1736","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1736"},{"reference_url":"https://github.com/advisories/GHSA-x7jh-595q-wq82","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-x7jh-595q-wq82"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/issues/67794","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/issues/67794"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-8.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-8.yaml"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NYYQP2XJB2TTRP6AKWVMBSPB2DFJNKD","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NYYQP2XJB2TTRP6AKWVMBSPB2DFJNKD"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NYYQP2XJB2TTRP6AKWVMBSPB2DFJNKD/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NYYQP2XJB2TTRP6AKWVMBSPB2DFJNKD/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPNZWBAUP4ZHUR6PO7U6ZXEKNCX62KZ7","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPNZWBAUP4ZHUR6PO7U6ZXEKNCX62KZ7"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPNZWBAUP4ZHUR6PO7U6ZXEKNCX62KZ7/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPNZWBAUP4ZHUR6PO7U6ZXEKNCX62KZ7/"},{"reference_url":"https://security.gentoo.org/glsa/202006-11","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202006-11"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1736","reference_id":"CVE-2020-1736","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1736"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12523?format=json","purl":"pkg:pypi/ansible@2.7.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17"},{"url":"http://public2.vulnerablecode.io/api/packages/15003?format=json","purl":"pkg:pypi/ansible@2.8.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9"},{"url":"http://public2.vulnerablecode.io/api/packages/15004?format=json","purl":"pkg:pypi/ansible@2.9.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-ptg6-bwz8-pud8"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6"}],"aliases":["CVE-2020-1736","GHSA-x7jh-595q-wq82","PYSEC-2020-8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2z4k-r21v-rfgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35533?format=json","vulnerability_id":"VCID-7qnx-1gp2-v7bb","summary":"A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1735","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1735"},{"reference_url":"https://github.com/advisories/GHSA-gfr2-qpxh-qj9m","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-gfr2-qpxh-qj9m"},{"reference_url":"https://github.com/ansible/ansible/issues/67793","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/issues/67793"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/"},{"reference_url":"https://security.gentoo.org/glsa/202006-11","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202006-11"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12523?format=json","purl":"pkg:pypi/ansible@2.7.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17"},{"url":"http://public2.vulnerablecode.io/api/packages/15003?format=json","purl":"pkg:pypi/ansible@2.8.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9"},{"url":"http://public2.vulnerablecode.io/api/packages/15004?format=json","purl":"pkg:pypi/ansible@2.9.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-ptg6-bwz8-pud8"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6"}],"aliases":["CVE-2020-1735","GHSA-gfr2-qpxh-qj9m","PYSEC-2020-7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7qnx-1gp2-v7bb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35061?format=json","vulnerability_id":"VCID-7skd-9hpb-dbhj","summary":"The user module in ansible before 1.6.6 allows remote authenticated users to execute arbitrary commands.","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1335551","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1335551"},{"reference_url":"https://github.com/ansible/ansible/commit/8ed6350e65c82292a631f08845dfaacffe7f07f5","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/commit/8ed6350e65c82292a631f08845dfaacffe7f07f5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3498","reference_id":"CVE-2014-3498","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3498"},{"reference_url":"https://github.com/advisories/GHSA-4cvm-5776-jx9f","reference_id":"GHSA-4cvm-5776-jx9f","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4cvm-5776-jx9f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9023?format=json","purl":"pkg:pypi/ansible@1.6.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1d8u-w26v-nqfd"},{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2tq8-8hu5-juc2"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-bg46-sd2p-h7ez"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-g8tj-eaqr-myaa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hd4w-ksm9-uycv"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-j6qc-x7e6-buen"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-mj75-gu96-33ay"},{"vulnerability":"VCID-nb5v-58wt-87gz"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-p7d3-epbn-b7bp"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-rgcg-pkhf-7ydk"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-utrp-hfpb-tygj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-yre5-mmmj-q3bn"},{"vulnerability":"VCID-zwrg-9mrq-effd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.6.6"}],"aliases":["CVE-2014-3498","GHSA-4cvm-5776-jx9f","PYSEC-2017-2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7skd-9hpb-dbhj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35811?format=json","vulnerability_id":"VCID-833d-up6b-rfe1","summary":"A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords are exposed at once for the file. This flaw affects Ansible Engine versions before 2.9.6.","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1831089","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1831089"},{"reference_url":"https://github.com/advisories/GHSA-r6h7-5pq2-j77h","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-r6h7-5pq2-j77h"},{"reference_url":"https://github.com/ansible/ansible/issues/34144","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/issues/34144"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/15004?format=json","purl":"pkg:pypi/ansible@2.9.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-ptg6-bwz8-pud8"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6"}],"aliases":["CVE-2020-10729","GHSA-r6h7-5pq2-j77h","PYSEC-2021-105"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-833d-up6b-rfe1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35785?format=json","vulnerability_id":"VCID-8u2v-jtqe-dqg3","summary":"A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1925002","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1925002"},{"reference_url":"https://github.com/advisories/GHSA-5rrg-rr89-x9mv","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-5rrg-rr89-x9mv"},{"reference_url":"https://github.com/ansible/ansible/pull/73487","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/pull/73487"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18265?format=json","purl":"pkg:pypi/ansible@2.9.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.19"}],"aliases":["CVE-2021-20228","GHSA-5rrg-rr89-x9mv","PYSEC-2021-1"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8u2v-jtqe-dqg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35653?format=json","vulnerability_id":"VCID-am9g-ba4h-sfhr","summary":"A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed. Files would remain in the bucket exposing the data. This issue affects directly data confidentiality.","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25635","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25635"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible-collections/community.aws/issues/222","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible-collections/community.aws/issues/222"},{"reference_url":"https://github.com/ansible-collections/community.aws/pull/237#issuecomment-1468591094","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible-collections/community.aws/pull/237#issuecomment-1468591094"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-220.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-220.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25635","reference_id":"CVE-2020-25635","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25635"},{"reference_url":"https://github.com/advisories/GHSA-f556-49jc-4rvc","reference_id":"GHSA-f556-49jc-4rvc","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-f556-49jc-4rvc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18528?format=json","purl":"pkg:pypi/ansible@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.1"}],"aliases":["CVE-2020-25635","GHSA-f556-49jc-4rvc","PYSEC-2020-220"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-am9g-ba4h-sfhr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34965?format=json","vulnerability_id":"VCID-bg46-sd2p-h7ez","summary":"Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2015-07/msg00051.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2015-07/msg00051.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2015-08/msg00029.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2015-08/msg00029.html"},{"reference_url":"https://github.com/advisories/GHSA-w64c-pxjj-h866","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-w64c-pxjj-h866"},{"reference_url":"https://github.com/ansible/ansible/blob/devel/CHANGELOG.md#192-dancing-in-the-street---jun-26-2015","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/blob/devel/CHANGELOG.md#192-dancing-in-the-street---jun-26-2015"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html"},{"reference_url":"http://www.ansible.com/security","reference_id":"","reference_type":"","scores":[],"url":"http://www.ansible.com/security"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/07/14/4","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2015/07/14/4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9039?format=json","purl":"pkg:pypi/ansible@1.9.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1d8u-w26v-nqfd"},{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-g8tj-eaqr-myaa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hd4w-ksm9-uycv"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-j6qc-x7e6-buen"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-mj75-gu96-33ay"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-rgcg-pkhf-7ydk"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-utrp-hfpb-tygj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-yre5-mmmj-q3bn"},{"vulnerability":"VCID-zwrg-9mrq-effd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.9.2"}],"aliases":["CVE-2015-3908","GHSA-w64c-pxjj-h866","PYSEC-2015-1"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bg46-sd2p-h7ez"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35529?format=json","vulnerability_id":"VCID-cuq1-se5h-vygd","summary":"A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module. Sensitive parameters such as passwords and tokens are passed to kubectl from the command line, not using an environment variable or an input configuration file. This will disclose passwords and tokens from process list and no_log directive from debug module would not have any effect making these secrets being disclosed on stdout and log files.","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1753","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1753"},{"reference_url":"https://github.com/advisories/GHSA-86hp-cj9j-33vv","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-86hp-cj9j-33vv"},{"reference_url":"https://github.com/ansible-collections/kubernetes/pull/51","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible-collections/kubernetes/pull/51"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/"},{"reference_url":"https://security.gentoo.org/glsa/202006-11","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202006-11"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12524?format=json","purl":"pkg:pypi/ansible@2.7.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.18"},{"url":"http://public2.vulnerablecode.io/api/packages/15098?format=json","purl":"pkg:pypi/ansible@2.8.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.11"},{"url":"http://public2.vulnerablecode.io/api/packages/15099?format=json","purl":"pkg:pypi/ansible@2.9.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.7"}],"aliases":["CVE-2020-1753","GHSA-86hp-cj9j-33vv","PYSEC-2020-210"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cuq1-se5h-vygd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35530?format=json","vulnerability_id":"VCID-cxts-25nq-4fcs","summary":"A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes \"ansible-vault edit\", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1740","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1740"},{"reference_url":"https://github.com/advisories/GHSA-vcg8-98q8-g7mj","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-vcg8-98q8-g7mj"},{"reference_url":"https://github.com/ansible/ansible/issues/67798","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/issues/67798"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/"},{"reference_url":"https://security.gentoo.org/glsa/202006-11","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202006-11"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12523?format=json","purl":"pkg:pypi/ansible@2.7.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17"},{"url":"http://public2.vulnerablecode.io/api/packages/15003?format=json","purl":"pkg:pypi/ansible@2.8.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9"},{"url":"http://public2.vulnerablecode.io/api/packages/15004?format=json","purl":"pkg:pypi/ansible@2.9.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-ptg6-bwz8-pud8"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6"}],"aliases":["CVE-2020-1740","GHSA-vcg8-98q8-g7mj","PYSEC-2020-12"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cxts-25nq-4fcs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3444?format=json","vulnerability_id":"VCID-dkds-s3ad-cufa","summary":"information disclosure","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1975767","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1975767"},{"reference_url":"https://github.com/advisories/GHSA-4r65-35qq-ch8j","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4r65-35qq-ch8j"},{"reference_url":"https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes"},{"reference_url":"https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0"},{"reference_url":"https://security.archlinux.org/AVG-1941","reference_id":"AVG-1941","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1941"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3620","reference_id":"CVE-2021-3620","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3620"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18281?format=json","purl":"pkg:pypi/ansible@2.9.27","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.27"}],"aliases":["CVE-2021-3620","GHSA-4r65-35qq-ch8j","PYSEC-2022-164"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dkds-s3ad-cufa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34998?format=json","vulnerability_id":"VCID-g8tj-eaqr-myaa","summary":"The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183103.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183103.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183132.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183132.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183252.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183252.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183274.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183274.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184175.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184175.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1322925","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1322925"},{"reference_url":"https://github.com/advisories/GHSA-rh6x-qvg7-rrmj","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rh6x-qvg7-rrmj"},{"reference_url":"https://github.com/ansible/ansible/blob/v1.9.6-1/CHANGELOG.md#196-dancing-in-the-street---tbd","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/blob/v1.9.6-1/CHANGELOG.md#196-dancing-in-the-street---tbd"},{"reference_url":"https://github.com/ansible/ansible/blob/v2.0.2.0-1/CHANGELOG.md#202-over-the-hills-and-far-away","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/blob/v2.0.2.0-1/CHANGELOG.md#202-over-the-hills-and-far-away"},{"reference_url":"https://github.com/ansible/ansible-modules-extras/pull/1941","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible-modules-extras/pull/1941"},{"reference_url":"https://github.com/ansible/ansible-modules-extras/pull/1941/commits/8c6fe646ee79f5e55361b885b7efed5bec72d4a4","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible-modules-extras/pull/1941/commits/8c6fe646ee79f5e55361b885b7efed5bec72d4a4"},{"reference_url":"https://groups.google.com/forum/#!topic/ansible-announce/E80HLZilTU0","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/ansible-announce/E80HLZilTU0"},{"reference_url":"https://groups.google.com/forum/#!topic/ansible-announce/tqiZbcWxYig","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/ansible-announce/tqiZbcWxYig"},{"reference_url":"https://security.gentoo.org/glsa/201607-14","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201607-14"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3096","reference_id":"CVE-2016-3096","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3096"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56527?format=json","purl":"pkg:pypi/ansible@1.9.6.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.9.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/9244?format=json","purl":"pkg:pypi/ansible@2.0.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1d8u-w26v-nqfd"},{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hd4w-ksm9-uycv"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-j6qc-x7e6-buen"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-mj75-gu96-33ay"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-rgcg-pkhf-7ydk"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-utrp-hfpb-tygj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"},{"vulnerability":"VCID-yre5-mmmj-q3bn"},{"vulnerability":"VCID-zwrg-9mrq-effd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.0.2.0"}],"aliases":["CVE-2016-3096","GHSA-rh6x-qvg7-rrmj","PYSEC-2016-1"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g8tj-eaqr-myaa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7216?format=json","vulnerability_id":"VCID-gm99-68bj-c3cz","summary":"arbitrary command execution","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1968412","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1968412"},{"reference_url":"https://github.com/advisories/GHSA-2pfh-q76x-gwvm","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-2pfh-q76x-gwvm"},{"reference_url":"https://security.archlinux.org/AVG-2260","reference_id":"AVG-2260","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2260"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3583","reference_id":"CVE-2021-3583","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3583"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18273?format=json","purl":"pkg:pypi/ansible@2.9.23","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.23"}],"aliases":["CVE-2021-3583","GHSA-2pfh-q76x-gwvm","PYSEC-2021-358"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gm99-68bj-c3cz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35525?format=json","vulnerability_id":"VCID-gxw4-ydnj-fkfe","summary":"A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument \"password\" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1739","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1739"},{"reference_url":"https://github.com/advisories/GHSA-923p-fr2c-g5m2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-923p-fr2c-g5m2"},{"reference_url":"https://github.com/ansible/ansible/issues/67797","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/issues/67797"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12523?format=json","purl":"pkg:pypi/ansible@2.7.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17"},{"url":"http://public2.vulnerablecode.io/api/packages/15003?format=json","purl":"pkg:pypi/ansible@2.8.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9"},{"url":"http://public2.vulnerablecode.io/api/packages/15004?format=json","purl":"pkg:pypi/ansible@2.9.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-ptg6-bwz8-pud8"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6"}],"aliases":["CVE-2020-1739","GHSA-923p-fr2c-g5m2","PYSEC-2020-11"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gxw4-ydnj-fkfe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35218?format=json","vulnerability_id":"VCID-hd4w-ksm9-uycv","summary":"Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1244","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1244"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1334","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1334"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1476","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1476"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1499","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1499"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1599","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1599"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1685","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1685"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7466","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7466"},{"reference_url":"http://www.securityfocus.com/bid/97595","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/97595"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7466","reference_id":"CVE-2017-7466","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7466"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/10564?format=json","purl":"pkg:pypi/ansible@2.3.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pm6p-9arz-7ygs"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-utrp-hfpb-tygj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"},{"vulnerability":"VCID-yre5-mmmj-q3bn"},{"vulnerability":"VCID-zwrg-9mrq-effd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.3.0.0"}],"aliases":["CVE-2017-7466","PYSEC-2018-40"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hd4w-ksm9-uycv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7307?format=json","vulnerability_id":"VCID-hjc4-jcfm-7be5","summary":"information disclosure","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1956477","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1956477"},{"reference_url":"https://security.archlinux.org/AVG-2056","reference_id":"AVG-2056","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2056"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22508?format=json","purl":"pkg:pypi/ansible@3.0.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@3.0.0"}],"aliases":["CVE-2021-3533","PYSEC-2021-126"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hjc4-jcfm-7be5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35290?format=json","vulnerability_id":"VCID-hpqa-ysnc-b7dw","summary":"Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext. A local user with administrator privileges on the machine can view these logs and discover the plaintext password. Ansible Engine 2.8 and older are believed to be vulnerable.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3770","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3770"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3771","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3771"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3772","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3772"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3773","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3773"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16859","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16859"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16859","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16859"},{"reference_url":"https://cwe.mitre.org/data/definitions/200.html","reference_id":"","reference_type":"","scores":[],"url":"https://cwe.mitre.org/data/definitions/200.html"},{"reference_url":"https://github.com/ansible/ansible/commit/8c1f701e6e9df29fe991f98265e2dd76acca4b8c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/commit/8c1f701e6e9df29fe991f98265e2dd76acca4b8c"},{"reference_url":"https://github.com/ansible/ansible/pull/49142","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/pull/49142"},{"reference_url":"http://www.securityfocus.com/bid/106004","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/106004"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12506?format=json","purl":"pkg:pypi/ansible@2.5.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5p9q-7q6e-vkg8"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-v5kk-umvk-6fgg"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.5.12"},{"url":"http://public2.vulnerablecode.io/api/packages/12533?format=json","purl":"pkg:pypi/ansible@2.5.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5p9q-7q6e-vkg8"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-v5kk-umvk-6fgg"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.5.13"},{"url":"http://public2.vulnerablecode.io/api/packages/12508?format=json","purl":"pkg:pypi/ansible@2.6.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5p9q-7q6e-vkg8"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-frk2-9jfm-cybm"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-v5kk-umvk-6fgg"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-vxkb-9p6a-5yan"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.6.9"},{"url":"http://public2.vulnerablecode.io/api/packages/12534?format=json","purl":"pkg:pypi/ansible@2.6.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5p9q-7q6e-vkg8"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-frk2-9jfm-cybm"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-v5kk-umvk-6fgg"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-vxkb-9p6a-5yan"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.6.10"},{"url":"http://public2.vulnerablecode.io/api/packages/12510?format=json","purl":"pkg:pypi/ansible@2.7.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5p9q-7q6e-vkg8"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-7ben-361w-tkdr"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-frk2-9jfm-cybm"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-qztj-r7zc-jue3"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-v5kk-umvk-6fgg"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-vxkb-9p6a-5yan"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.3"},{"url":"http://public2.vulnerablecode.io/api/packages/12531?format=json","purl":"pkg:pypi/ansible@2.7.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5p9q-7q6e-vkg8"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-7ben-361w-tkdr"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-frk2-9jfm-cybm"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-qztj-r7zc-jue3"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-v5kk-umvk-6fgg"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-vxkb-9p6a-5yan"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.4"},{"url":"http://public2.vulnerablecode.io/api/packages/12532?format=json","purl":"pkg:pypi/ansible@2.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-7ben-361w-tkdr"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-frk2-9jfm-cybm"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-qztj-r7zc-jue3"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-vxkb-9p6a-5yan"},{"vulnerability":"VCID-w1ap-atw2-qbc8"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.1"}],"aliases":["CVE-2018-16859","PYSEC-2018-60"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hpqa-ysnc-b7dw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35520?format=json","vulnerability_id":"VCID-hq4d-92s2-vqg6","summary":"A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with \"umask 77 && mkdir -p <dir>\"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating '/proc/<pid>/cmdline'.","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1733","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1733"},{"reference_url":"https://github.com/advisories/GHSA-g4mq-6fp5-qwcf","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-g4mq-6fp5-qwcf"},{"reference_url":"https://github.com/ansible/ansible/issues/67791","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/issues/67791"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/"},{"reference_url":"https://security.gentoo.org/glsa/202006-11","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202006-11"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12523?format=json","purl":"pkg:pypi/ansible@2.7.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17"},{"url":"http://public2.vulnerablecode.io/api/packages/14998?format=json","purl":"pkg:pypi/ansible@2.8.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.8"},{"url":"http://public2.vulnerablecode.io/api/packages/15004?format=json","purl":"pkg:pypi/ansible@2.9.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-ptg6-bwz8-pud8"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6"}],"aliases":["CVE-2020-1733","GHSA-g4mq-6fp5-qwcf","PYSEC-2020-5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hq4d-92s2-vqg6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35243?format=json","vulnerability_id":"VCID-j6qc-x7e6-buen","summary":"A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key.","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8614","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8614"},{"reference_url":"https://github.com/advisories/GHSA-cmwx-9m2h-x7v4","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-cmwx-9m2h-x7v4"},{"reference_url":"https://github.com/ansible/ansible-modules-core/issues/5237","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible-modules-core/issues/5237"},{"reference_url":"https://github.com/ansible/ansible-modules-core/pull/5353","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible-modules-core/pull/5353"},{"reference_url":"https://github.com/ansible/ansible-modules-core/pull/5357","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible-modules-core/pull/5357"},{"reference_url":"http://www.securityfocus.com/bid/94108","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/94108"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-8614","reference_id":"CVE-2016-8614","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-8614"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56531?format=json","purl":"pkg:pypi/ansible@2.2.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/11417?format=json","purl":"pkg:pypi/ansible@2.2.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hd4w-ksm9-uycv"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-mj75-gu96-33ay"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-rgcg-pkhf-7ydk"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-utrp-hfpb-tygj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"},{"vulnerability":"VCID-yre5-mmmj-q3bn"},{"vulnerability":"VCID-zwrg-9mrq-effd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.2.0.0"}],"aliases":["CVE-2016-8614","GHSA-cmwx-9m2h-x7v4","PYSEC-2018-37"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j6qc-x7e6-buen"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35391?format=json","vulnerability_id":"VCID-k8a2-5yfh-j7gp","summary":"A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3744","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3744"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3789","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3789"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10156","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10156"},{"reference_url":"https://github.com/advisories/GHSA-grgm-pph5-j5h7","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-grgm-pph5-j5h7"},{"reference_url":"https://github.com/ansible/ansible/pull/57188","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/pull/57188"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/13923?format=json","purl":"pkg:pypi/ansible@2.6.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-frk2-9jfm-cybm"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-vxkb-9p6a-5yan"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.6.18"},{"url":"http://public2.vulnerablecode.io/api/packages/12518?format=json","purl":"pkg:pypi/ansible@2.7.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-7ben-361w-tkdr"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-frk2-9jfm-cybm"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-qztj-r7zc-jue3"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-vxkb-9p6a-5yan"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.12"},{"url":"http://public2.vulnerablecode.io/api/packages/13924?format=json","purl":"pkg:pypi/ansible@2.8.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-7ben-361w-tkdr"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-frk2-9jfm-cybm"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-qztj-r7zc-jue3"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-vxkb-9p6a-5yan"},{"vulnerability":"VCID-w1ap-atw2-qbc8"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.2"}],"aliases":["CVE-2019-10156","GHSA-grgm-pph5-j5h7","PYSEC-2019-2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k8a2-5yfh-j7gp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35519?format=json","vulnerability_id":"VCID-mbj9-3bnb-wbda","summary":"A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal. This issue is fixed in 2.10.","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1737","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1737"},{"reference_url":"https://github.com/advisories/GHSA-893h-35v4-mxqx","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-893h-35v4-mxqx"},{"reference_url":"https://github.com/ansible/ansible/issues/67795","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/issues/67795"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/"},{"reference_url":"https://security.gentoo.org/glsa/202006-11","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202006-11"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12523?format=json","purl":"pkg:pypi/ansible@2.7.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17"},{"url":"http://public2.vulnerablecode.io/api/packages/15003?format=json","purl":"pkg:pypi/ansible@2.8.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9"},{"url":"http://public2.vulnerablecode.io/api/packages/15004?format=json","purl":"pkg:pypi/ansible@2.9.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-ptg6-bwz8-pud8"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6"}],"aliases":["CVE-2020-1737","GHSA-893h-35v4-mxqx","PYSEC-2020-9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mbj9-3bnb-wbda"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6666?format=json","vulnerability_id":"VCID-mj75-gu96-33ay","summary":"arbitrary command execution","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-0195.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2017-0195.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-0260.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2017-0260.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0448","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0448"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0515","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1685","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1685"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9587","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9587"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9587","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9587"},{"reference_url":"https://github.com/advisories/GHSA-m956-frf4-m2wr","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-m956-frf4-m2wr"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-39.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-39.yaml"},{"reference_url":"https://security.gentoo.org/glsa/201701-77","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-77"},{"reference_url":"https://web.archive.org/web/20170115210655/http://www.securityfocus.com/bid/95352","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20170115210655/http://www.securityfocus.com/bid/95352"},{"reference_url":"https://www.exploit-db.com/exploits/41013","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/41013"},{"reference_url":"https://www.exploit-db.com/exploits/41013/","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/41013/"},{"reference_url":"http://www.securityfocus.com/bid/95352","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/95352"},{"reference_url":"https://security.archlinux.org/AVG-137","reference_id":"AVG-137","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-137"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9587","reference_id":"CVE-2016-9587","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9587"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/11418?format=json","purl":"pkg:pypi/ansible@2.1.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1d8u-w26v-nqfd"},{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hd4w-ksm9-uycv"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-j6qc-x7e6-buen"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-rgcg-pkhf-7ydk"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-utrp-hfpb-tygj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"},{"vulnerability":"VCID-yre5-mmmj-q3bn"},{"vulnerability":"VCID-zwrg-9mrq-effd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.1.4.0"},{"url":"http://public2.vulnerablecode.io/api/packages/11419?format=json","purl":"pkg:pypi/ansible@2.2.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hd4w-ksm9-uycv"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-utrp-hfpb-tygj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"},{"vulnerability":"VCID-yre5-mmmj-q3bn"},{"vulnerability":"VCID-zwrg-9mrq-effd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.2.1.0"}],"aliases":["CVE-2016-9587","GHSA-m956-frf4-m2wr","PYSEC-2018-39"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mj75-gu96-33ay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35508?format=json","vulnerability_id":"VCID-nb5v-58wt-87gz","summary":"Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing \" src=\" clause, (2) a trailing \" temp=\" clause, or (3) a trailing \" validate=\" clause accompanied by a shell command.","references":[{"reference_url":"https://github.com/ansible/ansible/commit/62a1295a3e08cb6c3e9f1b2a1e6e5dcaeab32527","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/commit/62a1295a3e08cb6c3e9f1b2a1e6e5dcaeab32527"},{"reference_url":"http://www.ocert.org/advisories/ocert-2014-004.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.ocert.org/advisories/ocert-2014-004.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9024?format=json","purl":"pkg:pypi/ansible@1.6.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1d8u-w26v-nqfd"},{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2tq8-8hu5-juc2"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-bg46-sd2p-h7ez"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-g8tj-eaqr-myaa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hd4w-ksm9-uycv"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-j6qc-x7e6-buen"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-mj75-gu96-33ay"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-rgcg-pkhf-7ydk"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-utrp-hfpb-tygj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-yre5-mmmj-q3bn"},{"vulnerability":"VCID-zwrg-9mrq-effd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.6.7"}],"aliases":["CVE-2014-4967","PYSEC-2020-205"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nb5v-58wt-87gz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35809?format=json","vulnerability_id":"VCID-p4p5-29r5-8qh9","summary":"A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1916813","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1916813"},{"reference_url":"https://github.com/advisories/GHSA-8f4m-hccc-8qph","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-8f4m-hccc-8qph"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18244?format=json","purl":"pkg:pypi/ansible@2.8.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.19"},{"url":"http://public2.vulnerablecode.io/api/packages/18263?format=json","purl":"pkg:pypi/ansible@2.9.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.18"},{"url":"http://public2.vulnerablecode.io/api/packages/22088?format=json","purl":"pkg:pypi/ansible@2.10.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hjc4-jcfm-7be5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.7"}],"aliases":["CVE-2021-20191","GHSA-8f4m-hccc-8qph","PYSEC-2021-124"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p4p5-29r5-8qh9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35509?format=json","vulnerability_id":"VCID-p7d3-epbn-b7bp","summary":"Ansible before 1.6.7 does not prevent inventory data with \"{{\" and \"lookup\" substrings, and does not prevent remote data with \"{{\" substrings, which allows remote attackers to execute arbitrary code via (1) crafted lookup('pipe') calls or (2) crafted Jinja2 data.","references":[{"reference_url":"https://github.com/ansible/ansible/commit/62a1295a3e08cb6c3e9f1b2a1e6e5dcaeab32527","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/commit/62a1295a3e08cb6c3e9f1b2a1e6e5dcaeab32527"},{"reference_url":"http://www.ocert.org/advisories/ocert-2014-004.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.ocert.org/advisories/ocert-2014-004.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9024?format=json","purl":"pkg:pypi/ansible@1.6.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1d8u-w26v-nqfd"},{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2tq8-8hu5-juc2"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-bg46-sd2p-h7ez"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-g8tj-eaqr-myaa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hd4w-ksm9-uycv"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-j6qc-x7e6-buen"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-mj75-gu96-33ay"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-rgcg-pkhf-7ydk"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-utrp-hfpb-tygj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-yre5-mmmj-q3bn"},{"vulnerability":"VCID-zwrg-9mrq-effd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.6.7"}],"aliases":["CVE-2014-4966","PYSEC-2020-204"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p7d3-epbn-b7bp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35808?format=json","vulnerability_id":"VCID-pqj1-u787-g3aj","summary":"A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1914774","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1914774"},{"reference_url":"https://github.com/advisories/GHSA-wv5p-gmmv-wh9v","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-wv5p-gmmv-wh9v"},{"reference_url":"https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes,","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes,"},{"reference_url":"https://github.com/ansible-collections/community.general/pull/1635,","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible-collections/community.general/pull/1635,"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18263?format=json","purl":"pkg:pypi/ansible@2.9.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.18"}],"aliases":["CVE-2021-20178","GHSA-wv5p-gmmv-wh9v","PYSEC-2021-106"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pqj1-u787-g3aj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35239?format=json","vulnerability_id":"VCID-rgcg-pkhf-7ydk","summary":"An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances. Thus the previous password would still be active when it should have been changed.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1685","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1685"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8647","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8647"},{"reference_url":"https://github.com/advisories/GHSA-x4cm-m36h-c6qj","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-x4cm-m36h-c6qj"},{"reference_url":"https://github.com/ansible/ansible-modules-core/pull/5388","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible-modules-core/pull/5388"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-8647","reference_id":"CVE-2016-8647","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-8647"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/11419?format=json","purl":"pkg:pypi/ansible@2.2.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hd4w-ksm9-uycv"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-utrp-hfpb-tygj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"},{"vulnerability":"VCID-yre5-mmmj-q3bn"},{"vulnerability":"VCID-zwrg-9mrq-effd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.2.1.0"}],"aliases":["CVE-2016-8647","GHSA-x4cm-m36h-c6qj","PYSEC-2018-58"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rgcg-pkhf-7ydk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35531?format=json","vulnerability_id":"VCID-subj-aje2-93bk","summary":"A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1738","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1738"},{"reference_url":"https://github.com/advisories/GHSA-f85h-23mf-2fwh","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-f85h-23mf-2fwh"},{"reference_url":"https://github.com/ansible/ansible/issues/67796","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/issues/67796"},{"reference_url":"https://security.gentoo.org/glsa/202006-11","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202006-11"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12523?format=json","purl":"pkg:pypi/ansible@2.7.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17"},{"url":"http://public2.vulnerablecode.io/api/packages/15003?format=json","purl":"pkg:pypi/ansible@2.8.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9"},{"url":"http://public2.vulnerablecode.io/api/packages/15004?format=json","purl":"pkg:pypi/ansible@2.9.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-ptg6-bwz8-pud8"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6"}],"aliases":["CVE-2020-1738","GHSA-f85h-23mf-2fwh","PYSEC-2020-10"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-subj-aje2-93bk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35233?format=json","vulnerability_id":"VCID-utrp-hfpb-tygj","summary":"Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as 'unsafe' and is not evaluated.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1244","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1244"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1334","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1334"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1476","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1476"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1499","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1499"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1599","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1599"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2524","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2524"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7481","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7481"},{"reference_url":"https://github.com/advisories/GHSA-w578-j992-554x","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-w578-j992-554x"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/commit/a1886911fcf4b691130cfc70dfc5daa5e07c46a3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/commit/a1886911fcf4b691130cfc70dfc5daa5e07c46a3"},{"reference_url":"https://github.com/ansible/ansible/commit/ed56f51f185a1ffd7ea57130d260098686fcc7c2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/commit/ed56f51f185a1ffd7ea57130d260098686fcc7c2"},{"reference_url":"https://github.com/ansible/ansible/commit/f0e348f5eeb70c1fb3127d90891da43b5c0a9d29","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/commit/f0e348f5eeb70c1fb3127d90891da43b5c0a9d29"},{"reference_url":"https://github.com/ansible/ansible/commit/fd30f5328986f9e1da434474481f32bf918a600c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/commit/fd30f5328986f9e1da434474481f32bf918a600c"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-41.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-41.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html"},{"reference_url":"https://usn.ubuntu.com/4072-1","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4072-1"},{"reference_url":"https://usn.ubuntu.com/4072-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4072-1/"},{"reference_url":"https://web.archive.org/web/20170801122609/http://www.securityfocus.com/bid/98492","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20170801122609/http://www.securityfocus.com/bid/98492"},{"reference_url":"http://www.securityfocus.com/bid/98492","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/98492"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7481","reference_id":"CVE-2017-7481","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7481"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/11490?format=json","purl":"pkg:pypi/ansible@2.1.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1d8u-w26v-nqfd"},{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hd4w-ksm9-uycv"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-j6qc-x7e6-buen"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-rgcg-pkhf-7ydk"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-utrp-hfpb-tygj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"},{"vulnerability":"VCID-yre5-mmmj-q3bn"},{"vulnerability":"VCID-zwrg-9mrq-effd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.1.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/11492?format=json","purl":"pkg:pypi/ansible@2.2.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hd4w-ksm9-uycv"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-utrp-hfpb-tygj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"},{"vulnerability":"VCID-yre5-mmmj-q3bn"},{"vulnerability":"VCID-zwrg-9mrq-effd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.2.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/10565?format=json","purl":"pkg:pypi/ansible@2.3.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pm6p-9arz-7ygs"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"},{"vulnerability":"VCID-yre5-mmmj-q3bn"},{"vulnerability":"VCID-zwrg-9mrq-effd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.3.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/10567?format=json","purl":"pkg:pypi/ansible@2.4.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5cgu-g45y-q3cj"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pm6p-9arz-7ygs"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-x99c-b7ve-hkdj"},{"vulnerability":"VCID-ykkx-swgs-vybn"},{"vulnerability":"VCID-yre5-mmmj-q3bn"},{"vulnerability":"VCID-zwrg-9mrq-effd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.4.0.0"}],"aliases":["CVE-2017-7481","GHSA-w578-j992-554x","PYSEC-2018-41"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-utrp-hfpb-tygj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35617?format=json","vulnerability_id":"VCID-vhxq-1hqq-77bx","summary":"An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14330","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14330"},{"reference_url":"https://github.com/advisories/GHSA-785x-qw4v-6872","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-785x-qw4v-6872"},{"reference_url":"https://github.com/ansible/ansible/issues/68400","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/issues/68400"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18294?format=json","purl":"pkg:pypi/ansible@2.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.0"}],"aliases":["CVE-2020-14330","GHSA-785x-qw4v-6872","PYSEC-2020-3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vhxq-1hqq-77bx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35607?format=json","vulnerability_id":"VCID-vsv2-4d8c-m3g1","summary":"A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1776944","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1776944"},{"reference_url":"https://github.com/advisories/GHSA-gwr8-5j83-483c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-gwr8-5j83-483c"},{"reference_url":"https://github.com/ansible/ansible/pull/65686","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/pull/65686"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12521?format=json","purl":"pkg:pypi/ansible@2.7.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-qztj-r7zc-jue3"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.15"},{"url":"http://public2.vulnerablecode.io/api/packages/14785?format=json","purl":"pkg:pypi/ansible@2.8.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-qztj-r7zc-jue3"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.7"},{"url":"http://public2.vulnerablecode.io/api/packages/14999?format=json","purl":"pkg:pypi/ansible@2.9.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-ptg6-bwz8-pud8"},{"vulnerability":"VCID-qztj-r7zc-jue3"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.2"}],"aliases":["CVE-2019-14904","GHSA-gwr8-5j83-483c","PYSEC-2020-161"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vsv2-4d8c-m3g1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35516?format=json","vulnerability_id":"VCID-x4mr-vrp9-ufg6","summary":"A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.","references":[{"reference_url":"https://access.redhat.com/errata/RHBA-2020:0547","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHBA-2020:0547"},{"reference_url":"https://access.redhat.com/errata/RHBA-2020:1539","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHBA-2020:1539"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1801804","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1801804"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1734","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1734"},{"reference_url":"https://github.com/advisories/GHSA-h39q-95q5-9jfp","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-h39q-95q5-9jfp"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/commit/4f978af4ca16ad9828ffe42203b9615425195f8b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/commit/4f978af4ca16ad9828ffe42203b9615425195f8b"},{"reference_url":"https://github.com/ansible/ansible/commit/963bdd9983b91a48fb6949fb2ef41071e72d0be0","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/commit/963bdd9983b91a48fb6949fb2ef41071e72d0be0"},{"reference_url":"https://github.com/ansible/ansible/commit/bff0724e9eab2770f874e018298f9ab74cc2a78f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/commit/bff0724e9eab2770f874e018298f9ab74cc2a78f"},{"reference_url":"https://github.com/ansible/ansible/commit/e5649ca3e807f17e7c034ee22791f107162973b0","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/commit/e5649ca3e807f17e7c034ee22791f107162973b0"},{"reference_url":"https://github.com/ansible/ansible/issues/67792","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/issues/67792"},{"reference_url":"https://github.com/ansible/ansible/issues/70159","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/issues/70159"},{"reference_url":"https://github.com/ansible/ansible/pull/70596","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/pull/70596"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-6.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-6.yaml"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2020-1734","reference_id":"CVE-2020-1734","reference_type":"","scores":[],"url":"https://access.redhat.com/security/cve/CVE-2020-1734"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1734","reference_id":"CVE-2020-1734","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1734"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12523?format=json","purl":"pkg:pypi/ansible@2.7.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17"},{"url":"http://public2.vulnerablecode.io/api/packages/15577?format=json","purl":"pkg:pypi/ansible@2.8.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.13"},{"url":"http://public2.vulnerablecode.io/api/packages/18233?format=json","purl":"pkg:pypi/ansible@2.9.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.11"},{"url":"http://public2.vulnerablecode.io/api/packages/18293?format=json","purl":"pkg:pypi/ansible@2.10.0rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-vhxq-1hqq-77bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.0rc1"}],"aliases":["CVE-2020-1734","GHSA-h39q-95q5-9jfp","PYSEC-2020-6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x4mr-vrp9-ufg6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35275?format=json","vulnerability_id":"VCID-yre5-mmmj-q3bn","summary":"Ansible \"User\" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executable. Showing those credentials in clear text form for every user which have access just to the process list.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3460","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3460"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3461","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3462","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3463","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3463"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3505","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3505"},{"reference_url":"https://access.redhat.com/security/cve/cve-2018-16837","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/security/cve/cve-2018-16837"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16837","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16837"},{"reference_url":"https://github.com/ansible/ansible/blob/stable-2.5/changelogs/CHANGELOG-v2.5.rst#v2511","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/blob/stable-2.5/changelogs/CHANGELOG-v2.5.rst#v2511"},{"reference_url":"https://github.com/ansible/ansible/blob/stable-2.6/changelogs/CHANGELOG-v2.6.rst#v267","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/blob/stable-2.6/changelogs/CHANGELOG-v2.6.rst#v267"},{"reference_url":"https://github.com/ansible/ansible/blob/stable-2.7/changelogs/CHANGELOG-v2.7.rst#v2-7-1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/blob/stable-2.7/changelogs/CHANGELOG-v2.7.rst#v2-7-1"},{"reference_url":"https://github.com/ansible/ansible/commit/a0aa53d1a1d6075a7ae98ace138712ee6cb45ae4","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/commit/a0aa53d1a1d6075a7ae98ace138712ee6cb45ae4"},{"reference_url":"https://github.com/ansible/ansible/pull/47436","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/pull/47436"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/11/msg00012.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2018/11/msg00012.html"},{"reference_url":"https://usn.ubuntu.com/4072-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4072-1/"},{"reference_url":"https://www.debian.org/security/2019/dsa-4396","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2019/dsa-4396"},{"reference_url":"http://www.securityfocus.com/bid/105700","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/105700"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16837","reference_id":"CVE-2018-16837","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16837"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9241?format=json","purl":"pkg:pypi/ansible@2.0.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1d8u-w26v-nqfd"},{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-g8tj-eaqr-myaa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hd4w-ksm9-uycv"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-j6qc-x7e6-buen"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-mj75-gu96-33ay"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-rgcg-pkhf-7ydk"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-utrp-hfpb-tygj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"},{"vulnerability":"VCID-yre5-mmmj-q3bn"},{"vulnerability":"VCID-zwrg-9mrq-effd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.0.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/12357?format=json","purl":"pkg:pypi/ansible@2.5.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5p9q-7q6e-vkg8"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-v5kk-umvk-6fgg"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.5.11"},{"url":"http://public2.vulnerablecode.io/api/packages/12356?format=json","purl":"pkg:pypi/ansible@2.6.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5p9q-7q6e-vkg8"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-frk2-9jfm-cybm"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-v5kk-umvk-6fgg"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-vxkb-9p6a-5yan"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.6.7"},{"url":"http://public2.vulnerablecode.io/api/packages/12355?format=json","purl":"pkg:pypi/ansible@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5p9q-7q6e-vkg8"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-7ben-361w-tkdr"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-frk2-9jfm-cybm"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-qztj-r7zc-jue3"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-v5kk-umvk-6fgg"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-vxkb-9p6a-5yan"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.1"}],"aliases":["CVE-2018-16837","PYSEC-2018-44"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yre5-mmmj-q3bn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35224?format=json","vulnerability_id":"VCID-zwrg-9mrq-effd","summary":"In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result.","references":[{"reference_url":"https://access.redhat.com/errata/RHBA-2018:3788","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHBA-2018:3788"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2150","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2150"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2151","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2151"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2152","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2166","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2166"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2321","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2321"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2585","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2585"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0054","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0054"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10874","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10874"},{"reference_url":"https://usn.ubuntu.com/4072-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4072-1/"},{"reference_url":"http://www.securitytracker.com/id/1041396","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1041396"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-10874","reference_id":"CVE-2018-10874","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-10874"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9241?format=json","purl":"pkg:pypi/ansible@2.0.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1d8u-w26v-nqfd"},{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-g8tj-eaqr-myaa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hd4w-ksm9-uycv"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-j6qc-x7e6-buen"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-mj75-gu96-33ay"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-rgcg-pkhf-7ydk"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-utrp-hfpb-tygj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"},{"vulnerability":"VCID-yre5-mmmj-q3bn"},{"vulnerability":"VCID-zwrg-9mrq-effd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.0.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/11585?format=json","purl":"pkg:pypi/ansible@2.4.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"},{"vulnerability":"VCID-yre5-mmmj-q3bn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/11586?format=json","purl":"pkg:pypi/ansible@2.5.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5p9q-7q6e-vkg8"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-v5kk-umvk-6fgg"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"},{"vulnerability":"VCID-yre5-mmmj-q3bn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.5.6"},{"url":"http://public2.vulnerablecode.io/api/packages/11587?format=json","purl":"pkg:pypi/ansible@2.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5p9q-7q6e-vkg8"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-frk2-9jfm-cybm"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-v5kk-umvk-6fgg"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-vxkb-9p6a-5yan"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"},{"vulnerability":"VCID-yre5-mmmj-q3bn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.6.1"}],"aliases":["CVE-2018-10874","PYSEC-2018-81"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zwrg-9mrq-effd"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35511?format=json","vulnerability_id":"VCID-yt5j-unv8-yudk","summary":"The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657.","references":[{"reference_url":"https://github.com/ansible/ansible/commit/5429b85b9f6c2e640074176f36ff05fd5e4d1916","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/commit/5429b85b9f6c2e640074176f36ff05fd5e4d1916"},{"reference_url":"https://groups.google.com/forum/message/raw?msg=ansible-announce/ieV1vZvcTXU/5Q93ThkY9rIJ","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/message/raw?msg=ansible-announce/ieV1vZvcTXU/5Q93ThkY9rIJ"},{"reference_url":"https://security-tracker.debian.org/tracker/CVE-2014-4678","reference_id":"","reference_type":"","scores":[],"url":"https://security-tracker.debian.org/tracker/CVE-2014-4678"},{"reference_url":"https://www.openwall.com/lists/oss-security/2014/06/26/30","reference_id":"","reference_type":"","scores":[],"url":"https://www.openwall.com/lists/oss-security/2014/06/26/30"},{"reference_url":"https://www.openwall.com/lists/oss-security/2014/07/02/2","reference_id":"","reference_type":"","scores":[],"url":"https://www.openwall.com/lists/oss-security/2014/07/02/2"},{"reference_url":"https://www.rapid7.com/db/vulnerabilities/freebsd-vid-2c493ac8-205e-11e5-a4a5-002590263bf5","reference_id":"","reference_type":"","scores":[],"url":"https://www.rapid7.com/db/vulnerabilities/freebsd-vid-2c493ac8-205e-11e5-a4a5-002590263bf5"},{"reference_url":"https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2014-4678","reference_id":"","reference_type":"","scores":[],"url":"https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2014-4678"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9021?format=json","purl":"pkg:pypi/ansible@1.6.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1d8u-w26v-nqfd"},{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2tq8-8hu5-juc2"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-7skd-9hpb-dbhj"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-bg46-sd2p-h7ez"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-g8tj-eaqr-myaa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hd4w-ksm9-uycv"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-j6qc-x7e6-buen"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-mj75-gu96-33ay"},{"vulnerability":"VCID-nb5v-58wt-87gz"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-p7d3-epbn-b7bp"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-rgcg-pkhf-7ydk"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-utrp-hfpb-tygj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-yre5-mmmj-q3bn"},{"vulnerability":"VCID-zwrg-9mrq-effd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.6.4"}],"aliases":["CVE-2014-4678","PYSEC-2020-203"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yt5j-unv8-yudk"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.6.4"}