CVE-2020-1737: Path Traversal
A flaw was found in Ansible when using the Extract-Zip function from the win_unzip module: extracted files are not checked to confirm that they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive whose entries use path traversal, so that files are extracted anywhere in the file system.
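The following is an added example, not Ansible's code or its fix: a check that can run on the control node before an archive is handed to win_unzip, listing the zip entries that would resolve outside the destination folder under Windows path rules, which is the check the advisory describes as missing. The function names, the destination C:\deploy\app and the in-memory sample archive are constructed for illustration.

```python
import io
import ntpath  # Windows path semantics, usable on any control-node OS
import zipfile


def resolves_inside(dest: str, entry_name: str) -> bool:
    """True if entry_name, joined to dest under Windows rules, stays in dest."""
    root = ntpath.normcase(ntpath.normpath(dest))
    # ntpath.join lets an absolute or drive-qualified entry replace dest,
    # and normpath collapses ".." segments.
    target = ntpath.normcase(ntpath.normpath(ntpath.join(dest, entry_name)))
    # Compare on a separator boundary so C:\deploy\app-old is not
    # mistaken for a child of C:\deploy\app.
    return target == root or target.startswith(root.rstrip("\\") + "\\")


def escaping_entries(archive, dest: str) -> list[str]:
    """Names of archive entries that would be written outside dest."""
    with zipfile.ZipFile(archive) as zf:
        return [info.filename for info in zf.infolist()
                if not resolves_inside(dest, info.filename)]


def build_sample_archive() -> bytes:
    """Constructed sample: two benign entries and three that leave dest."""
    names = (
        "docs/readme.txt",
        "bin/../tool.exe",
        "../../Windows/Temp/a.txt",
        "../app-old/b.txt",
        "C:/Users/Public/c.txt",
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"constructed sample data")
    return buf.getvalue()


if __name__ == "__main__":
    dest = r"C:\deploy\app"  # hypothetical destination folder
    for name in escaping_entries(io.BytesIO(build_sample_archive()), dest):
        print("refuse to extract:", name)
```

The check is lexical only: it does not account for junctions or symbolic links that already exist inside the destination folder.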
Detect and mitigate CVE-2020-1737 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities.