7.8
CVE-2021-4041
- EPSS 0.05%
- Veröffentlicht 24.08.2022 16:15:09
- Zuletzt bearbeitet 21.11.2024 06:36:46
- Quelle secalert@redhat.com
- Teams Watchlist Login
- Unerledigt Login
A flaw was found in ansible-runner. An improper escaping of the shell command, while calling the ansible_runner.interface.run_command, can lead to parameters getting executed as host's shell command. A developer could unintentionally write code that gets executed in the host rather than the virtual environment.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Ansible Runner Version < 2.1.0
Redhat ≫ Ansible Runner Version2.1.0 Updatealpha1
Redhat ≫ Ansible Runner Version2.1.0 Updatealpha2
Redhat ≫ Ansible Runner Version2.1.0 Updatebeta1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.05% | 0.166 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-116 Improper Encoding or Escaping of Output
The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.