High severity7.5NVD Advisory· Published Sep 14, 2017· Updated Jun 17, 2026
CVE-2017-2809
CVE-2017-2809
Description
An exploitable vulnerability exists in the yaml loading functionality of ansible-vault before 1.0.5. A specially crafted vault can execute arbitrary python commands resulting in command execution. An attacker can insert python into the vault to trigger this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
ansible-vaultPyPI | < 1.0.5 | 1.0.5 |
Affected products
3- cpe:2.3:a:ansible-vault_project:ansible-vault:*:*:*:*:*:*:*:*Range: <=1.0.4
- Tomohiro Nakamura/ansible-vaultv5Range: 1.0.4
Patches
Vulnerability mechanics
References
9- www.talosintelligence.com/vulnerability_reports/TALOS-2017-0305nvdExploitThird Party AdvisoryWEB
- www.securityfocus.com/bid/100824nvdThird Party AdvisoryVDB Entry
- github.com/advisories/GHSA-c2w9-48qc-qpj4ghsaADVISORY
- github.com/tomoh1r/ansible-vault/blob/v1.0.5/CHANGES.txtnvdThird Party AdvisoryWEB
- github.com/tomoh1r/ansible-vault/commit/3f8f659ef443ab870bb19f95d43543470168ae04nvdThird Party AdvisoryWEB
- github.com/tomoh1r/ansible-vault/issues/4nvdThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2017-2809ghsaADVISORY
- github.com/pypa/advisory-database/tree/main/vulns/ansible-vault/PYSEC-2017-5.yamlghsaWEB
- web.archive.org/web/20171206173637/http://www.securityfocus.com/bid/100824ghsaWEB
News mentions
0No linked articles in our index yet.