CVE-2023-5764: Improper Neutralization of Special Elements Used in a Template Engine
(updated )
A template injection flaw was found in Ansible where a user’s controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce code injection when supplying templating data.
References
Detect and mitigate CVE-2023-5764 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →