VYPR
Medium severity5.2NVD Advisory· Published Apr 30, 2020· Updated Jun 17, 2026

CVE-2020-10691

CVE-2020-10691

Description

An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file within the system.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
ansiblePyPI
>= 2.9.0a1, < 2.9.72.9.7

Affected products

147

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.