CVE-2017-7481 vulnerability in Red Hat and Other Products
Published on July 19, 2018
Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as 'unsafe' and is not evaluated.
Vendor Advisory
Vendor Advisory
Vendor Advisory
Vendor Advisory
Vendor Advisory
Vendor Advisory
Vendor Advisory
NVD
Weakness Type
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Products Associated with CVE-2017-7481
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2017-7481 are published in these products:
Affected Versions
[UNKNOWN] ansible:- Version ansible 2.3.1.0 is affected.
- Version ansible 2.4.0.0 is affected.
Exploit Probability
EPSS
1.92%
Percentile
83.08%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.