VYPR
High severity · NVD Advisory · Published Jun 22, 2018 · Updated Aug 5, 2024

CVE-2017-7466

Description

Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Ansible before 2.3 has an input validation flaw in handling client facts, allowing authenticated attackers to execute arbitrary code on the server.

Vulnerability

Ansible versions before 2.3 contain an input validation vulnerability when processing facts sent from managed client systems [1][2]. The Ansible server does not properly validate the data arriving from clients, so crafted fact payloads can be interpreted unsafely. This affects all Ansible deployments where clients can send fact data back to the controller node [1][2][4]. The flaw is addressed in Ansible 2.3.0.0 and later releases [1][4].
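As an added illustration (not Ansible's own code) of why the unsafe marking of fact data has to cover dict keys as well as values: a minimal Python model of the wrapping and checking helpers. `UnsafeText`, `wrap_var`, `wrap_dict_in_place`, `wrap_dict_copy` and `is_unsafe` are this example's own simplified stand-ins for the helpers touched in the patches listed below, and the fact payload is constructed.

```python
# Added example, not Ansible's code: simplified model of unsafe-marking of facts.
class UnsafeText(str):
    """str subclass carrying the marker Ansible's templater looks for."""
    __UNSAFE__ = True

def wrap_var(v):
    """Wrap a plain string; containers are handled by the dict helpers below."""
    if isinstance(v, str) and not isinstance(v, UnsafeText):
        return UnsafeText(v)
    return v

def wrap_dict_in_place(v):
    """In-place pattern from the reverted patch: UnsafeText('k') == 'k', so the
    assignment updates the existing entry and the original unwrapped key survives."""
    for k in list(v.keys()):  # list() keeps the loop safe if a new key were ever added
        if v[k] is not None:
            v[wrap_var(k)] = wrap_var(v[k])
    return v

def wrap_dict_copy(v):
    """Build a fresh dict so that keys, not only values, end up wrapped."""
    new = {}
    for k in v.keys():
        new[wrap_var(k)] = wrap_var(v[k]) if v[k] is not None else None
    return new

def is_unsafe(val, check_keys=True):
    """Recursive check modelled on _is_unsafe; check_keys=False mimics the
    variant that inspects dict values only."""
    if isinstance(val, dict):
        return any((check_keys and is_unsafe(k, check_keys)) or is_unsafe(x, check_keys)
                   for k, x in val.items())
    if isinstance(val, list):
        return any(is_unsafe(x, check_keys) for x in val)
    return hasattr(val, "__UNSAFE__")

def demo():
    # Constructed fact payload: a template-looking string as the key, value None.
    facts = {"{{ injected }}": None}
    in_place = wrap_dict_in_place(dict(facts))
    copied = wrap_dict_copy(dict(facts))
    return {
        "in_place_key_wrapped": all(isinstance(k, UnsafeText) for k in in_place),
        "copy_key_wrapped": all(isinstance(k, UnsafeText) for k in copied),
        "copy_flagged_values_only": is_unsafe(copied, check_keys=False),
        "copy_flagged_with_keys": is_unsafe(copied, check_keys=True),
    }
```

With a non-None value the in-place variant wraps the value but still leaves the key object unwrapped, because the assignment matches the existing equal key instead of replacing it.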

Exploitation

An attacker must have control over a client system that is managed by Ansible and be able to send facts back to the Ansible server [1][2]. No additional authentication bypass is required because the client is already authorized to return fact data. The attacker crafts a malicious fact payload that, when processed by the server, triggers code execution [2]. The exact sequence involves submitting the crafted facts during a normal facts-gathering operation [1][2].

Impact

Successful exploitation allows the attacker to execute arbitrary code on the Ansible server with the privileges of the Ansible process (typically root or the ansible user) [1][2]. This compromises the confidentiality, integrity, and availability of the controller node and potentially all managed systems [2]. The attacker could deploy backdoors, steal credentials, or pivot to other infrastructure [2].

Mitigation

The vulnerability is fixed upstream in Ansible 2.3.0.0 [1][4]. Red Hat provided updates via RHSA-2017:1244 (for Red Hat Enterprise Linux) and RHSA-2017:1685 (for RHEV Engine 4.1) [1][4]. Users must upgrade to Ansible 2.3.0.0 or later. No workaround is documented; upgrading is the only complete mitigation [1][4]. The issue is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package           Affected versions   Patched versions
ansible (PyPI)    < 2.2.3.0           2.2.3.0

Affected products

146

Patches

2
7ff9fa52cfce

Revert "Fixing another corner case for security related to CVE-2016-9587"

https://github.com/ansible/ansible · James Cammarata · Apr 5, 2017 · via ghsa
2 files changed · +4 −9
  • lib/ansible/template/__init__.py (+2 −3, modified)
    @@ -144,7 +144,7 @@ def _is_unsafe(self, val):
             '''
             if isinstance(val, dict):
                 for key in val.keys():
    -                if self._is_unsafe(key) or self._is_unsafe(val[key]):
    +                if self._is_unsafe(val[key]):
                         return True
             elif isinstance(val, list):
                 for item in val:
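Review bot: dropping `self._is_unsafe(key)` in `if self._is_unsafe(val[key]):` means a dict whose key carries the `__UNSAFE__` marker is no longer reported as unsafe by `_is_unsafe`. Since this commit is a revert, the key check should either come back or the commit message should state what replaces it; unwrapped keys are exactly the path that the companion `_wrap_dict` change in this same commit also opens.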
    @@ -382,12 +382,11 @@ def template(self, variable, convert_bare=False, preserve_trailing_newlines=True
                                 overrides=overrides,
                                 disable_lookups=disable_lookups,
                             )
    -
    -                        unsafe = hasattr(result, '__UNSAFE__')
                             if convert_data and not self._no_type_regex.match(variable):
                                 # if this looks like a dictionary or list, convert it to such using the safe_eval method
                                 if (result.startswith("{") and not result.startswith(self.environment.variable_start_string)) or \
                                         result.startswith("[") or result in ("True", "False"):
    +                                unsafe = hasattr(result, '__UNSAFE__')
                                     eval_results = safe_eval(result, locals=self._available_variables, include_exceptions=True)
                                     if eval_results[1] is None:
                                         result = eval_results[0]
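Review bot: `unsafe = hasattr(result, '__UNSAFE__')` moves from before the `if convert_data ...` test into the branch that calls `safe_eval`, so `unsafe` is only bound when a dict-, list- or boolean-looking result is evaluated. If any later statement in `template()` reads `unsafe` on the other paths it will raise `UnboundLocalError`; either keep the assignment before the `if` or confirm no remaining use, and say in the commit message why the marker is no longer tracked for plain string results.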
    
  • lib/ansible/vars/unsafe_proxy.py (+2 −6, modified)
    @@ -98,14 +98,10 @@ def decode(self, obj):
     
     
     def _wrap_dict(v):
    -    # Create new dict to get rid of the keys that are not wrapped.
    -    new = {}
         for k in v.keys():
             if v[k] is not None:
    -            new[wrap_var(k)] = wrap_var(v[k])
    -        else:
    -            new[wrap_var(k)] = None
    -    return new
    +            v[wrap_var(k)] = wrap_var(v[k])
    +    return v
     
     
     def _wrap_list(v):
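Review bot: the in-place version `v[wrap_var(k)] = wrap_var(v[k])` does not replace keys, which is exactly what the removed comment "Create new dict to get rid of the keys that are not wrapped" documented: when the wrapped key compares equal to the original (a str subclass does), the assignment updates the existing entry and the original key object stays in `v`. The removed `else` branch is also gone, so entries whose value is `None` are skipped entirely instead of getting a wrapped key. Keep the new-dict construction, or add a test asserting that every key of the returned dict is wrapped.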
    
0d418789a298

Revert "Fixing another corner case for security related to CVE-2016-9587"

https://github.com/ansible/ansible · James Cammarata · Feb 8, 2017 · via ghsa
2 files changed · +4 −8
  • lib/ansible/template/__init__.py (+2 −2, modified)
    @@ -144,7 +144,7 @@ def _is_unsafe(self, val):
             '''
             if isinstance(val, dict):
                 for key in val.keys():
    -                if self._is_unsafe(key) or self._is_unsafe(val[key]):
    +                if self._is_unsafe(val[key]):
                         return True
             elif isinstance(val, list):
                 for item in val:
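Review bot: as in 7ff9fa52cfce, removing `self._is_unsafe(key)` leaves unsafe-marked dict keys undetected by `_is_unsafe`; if this revert is intentional, the commit message should say what replaces the key check rather than only naming the reverted change.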
    @@ -385,11 +385,11 @@ def template(self, variable, convert_bare=False, preserve_trailing_newlines=True
                                 overrides=overrides,
                                 disable_lookups=disable_lookups,
                             )
    -                        unsafe = hasattr(result, '__UNSAFE__')
                             if convert_data and not self._no_type_regex.match(variable):
                                 # if this looks like a dictionary or list, convert it to such using the safe_eval method
                                 if (result.startswith("{") and not result.startswith(self.environment.variable_start_string)) or \
                                         result.startswith("[") or result in ("True", "False"):
    +                                unsafe = hasattr(result, '__UNSAFE__')
                                     eval_results = safe_eval(result, locals=self._available_variables, include_exceptions=True)
                                     if eval_results[1] is None:
                                         result = eval_results[0]
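Review bot: moving `unsafe = hasattr(result, '__UNSAFE__')` into the `safe_eval` branch leaves `unsafe` unbound on every other path through `template()`; confirm nothing later in the function reads it, or keep the assignment before the `if convert_data` test.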
    
  • lib/ansible/vars/unsafe_proxy.py (+2 −6, modified)
    @@ -98,14 +98,10 @@ def decode(self, obj):
     
     
     def _wrap_dict(v):
    -    # Create new dict to get rid of the keys that are not wrapped.
    -    new = {}
         for k in v.keys():
             if v[k] is not None:
    -            new[wrap_var(k)] = wrap_var(v[k])
    -        else:
    -            new[wrap_var(k)] = None
    -    return new
    +            v[wrap_var(k)] = wrap_var(v[k])
    +    return v
     
     
     def _wrap_list(v):
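Review bot: same concern as the identical hunk in 7ff9fa52cfce: writing back into `v` keeps the original, unwrapped key objects and skips `None`-valued entries, which the removed "Create new dict" comment existed to prevent; a test asserting every key of the returned dict is wrapped would catch this regression.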
    

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

15

News mentions

0

No linked articles in our index yet.