CVE-2016-9587

Priority
Description
Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input
validation in Ansible's handling of data sent from client systems. An
attacker with control over a client system being managed by Ansible and the
ability to send facts back to the Ansible server could use this flaw to
execute arbitrary code on the Ansible server using the Ansible server
privileges.
Assigned-to
mikesalvatore
Notes
Package
Upstream:released (2.2.0.0-2)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus):released (2.0.0.2-2ubuntu1.1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (2.5.1+dfsg-1)
More Information

Updated: 2020-09-10 05:33:24 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)