CVE-2018-10874

Summary

In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result.

Affected Software

VendorProductVersion RangeStatus
[UNKNOWN]ansiblen/aaffected

Weaknesses

  • CWE-426: CWE-426

ADP Enrichment

CVE Program Container

Additional References

References