—

PYSEC-2020-199

Details

The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / ansible

Introduced in: 0 Fixed in: 1.5.4

Fix pip install --upgrade 'ansible>=1.5.4'

References

https://www.securityfocus.com/bid/68232 [WEB]
https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md [WEB]