ansible-runner

PyPI3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting ansible-runnerpage 1 of 1

CVE-2021-3701MEDIUMCVSS 6.6EG 6.6✓ Fixed in 2.1.0
2022-08-23
vulnerable: 2.0.0 ... 2.1.0.0b1 (8 versions)
A flaw was found in ansible-runner where the default temporary files configuration in ansible-2.0.0 are written to world R/W locations. This flaw allows an attacker to pre-create the directory, resulting in reading private information or f…
CVE-2021-3702MEDIUMCVSS 6.3EG 6.3✓ Fixed in 2.1.0
2022-08-23
vulnerable: 2.0.0 ... 2.1.0.0b1 (8 versions)
A race condition flaw was found in ansible-runner, where an attacker could watch for rapid creation and deletion of a temporary directory, substitute their directory at that name, and then have access to ansible-runner's private_data_dir t…
CVE-2021-4041HIGHCVSS 7.8EG 7.8✓ Fixed in 2.1.0
2022-08-24
vulnerable: 1.0.1 ... 2.1.0.0b1 (40 versions)
A flaw was found in ansible-runner. An improper escaping of the shell command, while calling the ansible_runner.interface.run_command, can lead to parameters getting executed as host's shell command. A developer could unintentionally write…

Check whether ansible-runner is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for ansible-runner CVEs against the assets you own.

Start Free Scan →