VYPR

apk package

chainguard/ansible-operator

pkg:apk/chainguard/ansible-operator

Vulnerabilities (65)

  • CVE-2024-56326HigDec 23, 2024
    affected < 1.37.1-r0fixed 1.37.1-r0

    Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs t

  • CVE-2024-56201HigDec 23, 2024
    affected < 1.37.1-r0fixed 1.37.1-r0

    Jinja is an extensible templating engine. In versions on the 3.x branch prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used. To exploit

  • CVE-2024-45338MedDec 18, 2024
    affected < 1.37.0-r1fixed 1.37.0-r1

    An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.

  • CVE-2024-11079MedNov 12, 2024
    affected < 1.37.0-r0fixed 1.37.0-r0

    A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templat

  • CVE-2024-9902MedNov 6, 2024
    affected < 1.37.0-r0fixed 1.37.0-r0

    A flaw was found in Ansible. The ansible-core `user` module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the `user` module against the unprivileged user's home dir

Page 4 of 4