ansible-core is vulnerable to Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
78
High Risk
Affected versions of ansible-core are vulnerable to command injection in the ansible-galaxy role install command due to improper neutralization of argument delimiters in role dependency specifications. A malicious role can inject arbitrary Git configuration options through the src field in meta/requirements.yml, potentially leading to arbitrary code execution on systems that install the role.
You are affected if you are using a version that falls within the vulnerable range.
ansible-core is vulnerable to Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') in versions 0.0.1 - 2.21.0.
Upgrade the ansible-core library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant