CVE-2023-5189

Relative Path Traversal in pypi/galaxy-importer

Identifiers

GHSA-55g2-vm3q-7w52, CVE-2023-5189

Package Slug

pypi/galaxy-importer

Vulnerability

Relative Path Traversal

Description

A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten.

Affected Versions

All versions up to 0.4.16

Solution

Unfortunately, there is no solution available yet.

Last Modified

2023-11-17

source