VulnerableCode Package Details - pkg:pypi/ansible@2.10

Search for packages

Package details: pkg:pypi/ansible@2.10

Essentials
History (2)

purl	pkg:pypi/ansible@2.10
Tags	Ghost

Next non-vulnerable version	8.5.0
Latest non-vulnerable version	8.5.0
Risk	4.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-fv75-t76d-aaag Aliases: CVE-2020-1734 GHSA-h39q-95q5-9jfp PYSEC-2020-6	A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.	2.10.1 Affected by 9 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T20:04:37.490452+00:00	GHSA Importer	Affected by	VCID-fv75-t76d-aaag	None	36.0.0
2024-01-03T17:44:05.516835+00:00	GHSA Importer	Affected by	VCID-fv75-t76d-aaag	https://github.com/advisories/GHSA-h39q-95q5-9jfp	34.0.0rc1