Arbitrary Code Execution in Ansible's safe_eval Function

CVE-2014-4657 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions.
