VYPR
Critical severity9.8NVD Advisory· Published Jul 19, 2018· Updated Jun 17, 2026

CVE-2017-7481

CVE-2017-7481

Description

Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as 'unsafe' and is not evaluated.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
ansiblePyPI
>= 2.3.0.0, < 2.3.1.02.3.1.0
ansiblePyPI
< 2.1.6.02.1.6.0
ansiblePyPI
>= 2.2.0.0, < 2.2.3.02.2.3.0

Affected products

10

Patches

Vulnerability mechanics

References

19

News mentions

0

No linked articles in our index yet.