CVE-2016-3096: Improper Link Resolution Before File Access
(updated )
The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on the archived container in the archive_path directory, or the lxc-attach-script.err files in the temporary directory.
References
Detect and mitigate CVE-2016-3096 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →