Improper input validation in Ansible

CVE-2021-3583

A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handl…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.003 (51.3th percentile) — read the EPSS interpretation.

Affected products

  • N/a Ansible — versions ansible_tower 3.7, ansible_engine 2.9.23

Weakness classification (CWE)

References