VYPR
High severity7.5NVD Advisory· Published Mar 9, 2020· Updated Jun 17, 2026

CVE-2020-1737

CVE-2020-1737

Description

A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal. This issue is fixed in 2.10.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
ansiblePyPI
>= 2.8.0a1, < 2.8.92.8.9
ansiblePyPI
>= 2.9.0a1, < 2.9.62.9.6
ansiblePyPI
< 2.7.172.7.17

Affected products

147

Patches

Vulnerability mechanics

References

16

News mentions

0

No linked articles in our index yet.