CVE-2017-2809
https://notcve.org/view.php?id=CVE-2017-2809
An exploitable vulnerability exists in the YAML loading functionality of ansible-vault before 1.0.5. A specially crafted vault can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into the vault to trigger this vulnerability.

References:
• http://www.securityfocus.com/bid/100824
• https://github.com/tomoh1r/ansible-vault/blob/v1.0.5/CHANGES.txt
• https://github.com/tomoh1r/ansible-vault/commit/3f8f659ef443ab870bb19f95d43543470168ae04
• https://github.com/tomoh1r/ansible-vault/issues/4
• https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0305

Weakness:
• CWE-94: Improper Control of Generation of Code ('Code Injection')