1 results (0.002 seconds)
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-2809
https://notcve.org/view.php?id=CVE-2017-2809
14 Sep 2017 — An exploitable vulnerability exists in the yaml loading functionality of ansible-vault before 1.0.5. A specially crafted vault can execute arbitrary python commands resulting in command execution. An attacker can insert python into the vault to trigger this vulnerability. Existe una vulnerabilidad explotable en la funcionalidad de carga de archivos yaml de ansible-vault en versiones anteriores a la 1.0.5. Una bóveda (vault) especialmente manipulada puede ejecutar comandos python arbitrarios. • http://www.securityfocus.com/bid/100824 • CWE-94: Improper Control of Generation of Code ('Code Injection') •