VulnerableCode Vulnerability Details - VCID-qhcq-2uvd-cbee

Search for vulnerabilities

Vulnerability details: VCID-qhcq-2uvd-cbee

Essentials
Severities (0)
References (8)
Severity details (0)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-qhcq-2uvd-cbee
Aliases	PYSEC-2019-75
Summary	Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path.
Status	Published
Exploitability	0.5
Weighted Severity	0.0
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (0)

There are no known CWE.

System	Score	Found at
There are no known severity scores.

Reference id	Reference type	URL
		http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html
		http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html
		http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html
		https://access.redhat.com/errata/RHSA-2019:3744
		https://access.redhat.com/errata/RHSA-2019:3789
		https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3828
		https://github.com/ansible/ansible/pull/52133
		https://usn.ubuntu.com/4072-1/

No exploits are available.

There are no known vectors.

No EPSS data available for this vulnerability.

Date	Actor	Action	Source	VulnerableCode Version
2025-08-01T08:34:19.361808+00:00	PyPI Importer	Import	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	37.0.0