CVE-2014-4657

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.0510%

EPSS Percentile41.14th

PublishedFeb 20, 2020

Last ModifiedNov 21, 2024

Vulnerability Description

The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions.

Affected Platforms (CPE)

📦

Redhat

Ansible

< 1.5.4

References & Advisories

🔗 https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md

🔗 https://www.securityfocus.com/bid/68232

🔗 https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md

🔗 https://www.securityfocus.com/bid/68232

Related Vulnerabilities

CVE-2017-75509.8

A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin m...

CVE-2018-168799.8

Ansible Tower before version 3.3.3 does not set a secure channel as it is using the default insecure configuration channel setting...

CVE-2017-74819.8

Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control t...

CVE-2019-151499.8

core.py in Mitogen before 0.2.8 has a typo that drops the unidirectional-routing protection mechanism in the case of a child that ...