Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A flaw was found in ansible-runner. An improper escaping of the shell command, while calling the ansible_runner.interface.run_command, can lead to parameters getting executed as host's shell command. A developer could unintentionally write code that gets executed in the host rather than the virtual environment.
CVSS Information
N/A
Vulnerability Type
输入验证不恰当
Vulnerability Title
Ansible-Runner 操作系统命令注入漏洞
Vulnerability Description
Ansible-Runner是Ansible公司的一个开源工具和 Python 库。用于在直接与 Ansible 交互或作为另一个系统的一部分时提供帮助。 Ansible-Runner存在操作系统命令注入漏洞,该漏洞源于ansible_runner中的输入验证不正确。攻击者可利用该漏洞将精心编制的参数传递给在主机操作系统而不是来宾操作系统上执行的命令。
CVSS Information
N/A
Vulnerability Type
N/A