prevent ansible_facts injection (#68431) #68446


Merged: 2 commits, Apr 15, 2020

bcoca (Member) commented Mar 24, 2020

  • also only replace when needed
  • switched from replace to index
  • added test to verify bogus_facts are not accepted

CVE-2020-10684

Backport of #68431

(cherry picked from commit a9d2cea)

ISSUE TYPE

  • Bugfix Pull Request

COMPONENT NAME

facts

bcoca added the P1 (Priority 1 - Immediate Attention Required; Release Immediately After Fixed) label Mar 24, 2020

ansibot added the affects_2.7 (This issue/PR affects Ansible v2.7), backport (This PR does not target the devel branch.), bug (This issue/PR relates to a bug.), core_review (In order to be merged, this PR must follow the core review workflow.), support:community (This issue/PR relates to code supported by the Ansible community.) and support:core (This issue/PR relates to code supported by the Ansible Engineering Team.) labels Mar 24, 2020

ansibot added needs_revision (This PR fails CI tests or a maintainer has requested a review/revision of the PR.) and removed core_review (In order to be merged, this PR must follow the core review workflow.) labels Mar 24, 2020

bcoca removed the needs_revision (This PR fails CI tests or a maintainer has requested a review/revision of the PR.) label Mar 25, 2020

ansibot added the core_review (In order to be merged, this PR must follow the core review workflow.) and test (This PR relates to tests.) labels Mar 26, 2020

ansibot added the stale_ci (This PR has been tested by CI more than one week ago. Close and re-open this PR to get it retested.) label Apr 8, 2020

mattclay merged commit 1d0d264 into ansible:stable-2.7 Apr 15, 2020

ansible locked and limited conversation to collaborators May 13, 2020