ubuntu · CVE-2017-7481

Quick triage

Priority: low · Published: 2018-07-19 00:00:00 UTC · Updated: 2025-08-25 22:37:43 UTC

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2017-7481 (low priority): Ubuntu tracks 1 source package (ansible), with 20 status rows across 20 suites (artful, bionic, cosmic, disco, eoan, focal, groovy, hirsute, impish, jammy, kinetic, lunar, mantic, noble, oracular, trusty, upstream, xenial, yakkety, zesty): not-affected 15, ignored 3, released 2.

Description:

Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as 'unsafe' and is not evaluated.
