VYPR
High severity7.8NVD Advisory· Published Jul 2, 2018· Updated Jun 17, 2026

CVE-2018-10874

CVE-2018-10874

Description

In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
ansiblePyPI
< 2.4.6.02.4.6.0
ansiblePyPI
>= 2.5, < 2.5.62.5.6
ansiblePyPI
>= 2.6, < 2.6.12.6.1

Affected products

37

Patches

Vulnerability mechanics

References

22

News mentions

0

No linked articles in our index yet.