Max CVSS | 8.5 | Min CVSS | 4.0 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2017-7481 | 7.5 |
Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting
|
04-08-2021 - 17:15 | 19-07-2018 - 13:29 | |
CVE-2017-7466 | 8.5 |
Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could
|
04-08-2021 - 17:15 | 22-06-2018 - 13:29 | |
CVE-2017-1000095 | 4.0 |
The default whitelist included the following unsafe entries: DefaultGroovyMethods.putAt(Object, String, Object); DefaultGroovyMethods.getAt(Object, String). These allowed circumventing many of the access restrictions implemented in the script sandbox
|
03-10-2019 - 00:03 | 05-10-2017 - 01:29 |