FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ansible -- Input validation flaw in jinja2 templating system

Affected packages
ansible < 2.3.1

Details

VuXML ID 15a04b9f-47cb-11e7-a853-001fbc0f280f
Discovery 2017-05-09
Entry 2017-06-02

RedHat security team reports:

An input validation flaw was found in Ansible, where it fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution.

References

URL http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7481
URL https://access.redhat.com/security/cve/cve-2017-7481