VYPR
Medium severity5.6NVD Advisory· Published Mar 31, 2020· Updated Jun 17, 2026

CVE-2019-14905

CVE-2019-14905

Description

A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
ansiblePyPI
>= 2.7.0a1, < 2.7.162.7.16
ansiblePyPI
>= 2.8.0a1, < 2.8.82.8.8
ansiblePyPI
>= 2.9.0a1, < 2.9.32.9.3

Affected products

149

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.