High severityNVD Advisory· Published Aug 24, 2022· Updated Aug 3, 2024
CVE-2021-4041
CVE-2021-4041
Description
A flaw was found in ansible-runner. An improper escaping of the shell command, while calling the ansible_runner.interface.run_command, can lead to parameters getting executed as host's shell command. A developer could unintentionally write code that gets executed in the host rather than the virtual environment.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
ansible-runnerPyPI | < 2.1.0 | 2.1.0 |
Affected products
2- ansible-runner/ansible-runnerdescription
Patches
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
6- github.com/advisories/GHSA-6j58-grhv-2769ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-4041ghsaADVISORY
- access.redhat.com/security/cve/CVE-2021-4041ghsax_refsource_MISCWEB
- bugzilla.redhat.com/show_bug.cgighsax_refsource_MISCWEB
- github.com/ansible/ansible-runner/commit/3533f265f4349a3f2a0283158cd01b59a6bbc7bdghsax_refsource_MISCWEB
- github.com/pypa/advisory-database/tree/main/vulns/ansible-runner/PYSEC-2022-253.yamlghsaWEB
News mentions
0No linked articles in our index yet.