CVE-2016-9587 (retired)

Priority
Description
Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input
validation in Ansible's handling of data sent from client systems. An
attacker with control over a client system being managed by Ansible and the
ability to send facts back to the Ansible server could use this flaw to
execute arbitrary code on the Ansible server using the Ansible server
privileges.
Assigned-to
mikesalvatore
Package
Upstream:released (2.2.0.0-2)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus):released (2.0.0.2-2ubuntu1.1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (2.5.1+dfsg-1)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (2.6.1+dfsg-1)
More Information

Updated: 2019-03-26 12:23:37 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)