CVE-2020-10691: Path Traversal
(updated )
An archive traversal flaw was found in all ansible-engine, when running ansible-galaxy collection install. When extracting a collection .tar.gz
file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file within the system.
References
Detect and mitigate CVE-2020-10691 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →