High severity · NVD Advisory · Published Mar 3, 2020 · Updated Aug 4, 2024

CVE-2020-1734

Description

A flaw was found in the pipe lookup plugin of Ansible. The plugin uses subprocess.Popen() with shell=True, so arbitrary commands can be run when Ansible facts are overwritten and the variable is not escaped by the quote plugin. An attacker could take advantage of this and run arbitrary commands by overwriting the Ansible facts.
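
The mechanism described above, as an added example that is not Ansible's own code: `pipe_lookup` is a simplified stand-in for the plugin, the fact values are constructed, and `shlex.quote` is assumed to stand in for the quote escaping the description refers to.

```python
import shlex
import subprocess

def pipe_lookup(term):
    """Simplified stand-in for the pipe lookup: run term via a shell, return stdout."""
    proc = subprocess.Popen(term, shell=True, stdout=subprocess.PIPE,
                            stderr=subprocess.DEVNULL)
    out, _ = proc.communicate()
    return out.decode().rstrip("\n")

def render_unquoted(fact):
    # The fact value is pasted into the command line as-is.
    return "echo host=" + fact

def render_quoted(fact):
    # The fact value is escaped so the shell sees one literal word.
    return "echo host=" + shlex.quote(fact)

def needs_quoting(fact):
    # True when the value contains characters the shell would interpret.
    return shlex.quote(fact) != fact

# Constructed fact values: one ordinary, one carrying a shell metacharacter.
BENIGN = "web01"
TAINTED = "web01; echo INJECTED"

if __name__ == "__main__":
    for fact in (BENIGN, TAINTED):
        print(repr(fact), "needs quoting:", needs_quoting(fact))
        print("  unquoted ->", repr(pipe_lookup(render_unquoted(fact))))
        print("  quoted   ->", repr(pipe_lookup(render_quoted(fact))))
```

With the unquoted rendering the shell treats the text after `;` as a second command; with quoting the whole value is echoed back as data.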

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
|---|---|---|
| ansible (PyPI) | >= 2.10.0a1, < 2.10.0rc1 | 2.10.0rc1 |
| ansible (PyPI) | >= 2.9.0a1, < 2.9.11 | 2.9.11 |
| ansible (PyPI) | < 2.8.13 | 2.8.13 |
