PYSEC-2022-253
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/ansible-runner/PYSEC-2022-253.yaml
- JSON Data
- https://api.osv.dev/v1/vulns/PYSEC-2022-253
- Aliases
- Published
- 2022-08-24T16:15:00Z
- Modified
- 2023-11-08T04:06:47.591366Z
- Summary
- [none]
- Details
-
A flaw was found in ansible-runner. An improper escaping of the shell command, while calling the ansiblerunner.interface.runcommand, can lead to parameters getting executed as host's shell command. A developer could unintentionally write code that gets executed in the host rather than the virtual environment.
- References
Affected packages
PyPI / ansible-runner
Package
- Name
- ansible-runner
- View open source insights on deps.dev
- Purl
- pkg:pypi/ansible-runner
Affected ranges
- Type
- GIT
- Repo
- https://github.com/ansible/ansible-runner
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.1.0
Affected versions
1.*
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.1.0
1.1.1
1.1.2
1.2.0
1.3.0
1.3.1
1.3.2
1.3.3
1.3.4
1.4.0
1.4.1
1.4.2
1.4.4
1.4.5
1.4.6
1.4.7
1.4.8
1.4.9
2.*
2.0.0a1
2.0.0a2
2.0.0a3
2.0.0a4
2.0.0.0a5
2.0.0.0b1
2.0.0.0rc1
2.0.0.0rc2
2.0.0.0rc3
2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.1.0.0a1
2.1.0.0a2
2.1.0.0b1