Arbitrary Code Execution in Ansible's safe_eval Function
CVE-2014-4657 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions.
Learn more about our Web Application Penetration Testing UK.