—

PYSEC-2020-2

상세

An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file within the system.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / ansible

최초 영향 버전: 2.9.0 수정 버전: 2.9.7

수정 pip install --upgrade 'ansible>=2.9.7'

참고

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10691 [REPORT]
https://github.com/ansible/ansible/pull/68596 [WEB]
https://github.com/advisories/GHSA-3c67-gc48-983w [ADVISORY]