{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2017-7481","title":"Title"},{"category":"description","text":"Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as 'unsafe' and is not evaluated.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2017-7481","url":"https://www.suse.com/security/cve/CVE-2017-7481"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1038785 for CVE-2017-7481","url":"https://bugzilla.suse.com/1038785"},{"category":"external","summary":"Advisory link for SUSE-SU-2017:3029-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2017-November/003400.html"},{"category":"external","summary":"Advisory link for openSUSE-SU-2019:0238-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FH47JG2364DS3RXEQACFFT4VQTRTO2I6/#FH47JG2364DS3RXEQACFFT4VQTRTO2I6"},{"category":"external","summary":"Advisory link for openSUSE-SU-2024:14536-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7LWEIR2LXW4QRWCY6HDMLUO2OTX5OZIC/"}],"title":"SUSE CVE CVE-2017-7481","tracking":{"current_release_date":"2026-03-15T12:13:53Z","generator":{"date":"2023-02-15T04:47:46Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2017-7481","initial_release_date":"2023-02-15T04:47:46Z","revision_history":[{"date":"2023-02-15T04:47:46Z","number":"2","summary":"Current version"},{"date":"2023-12-08T04:25:38Z","number":"3","summary":"Current version"},{"date":"2023-12-09T03:06:06Z","number":"4","summary":"Current version"},{"date":"2024-08-09T02:56:42Z","number":"5","summary":"Current version"},{"date":"2024-12-03T02:55:26Z","number":"6","summary":"Current version"},{"date":"2024-12-05T02:14:06Z","number":"7","summary":"Current version"},{"date":"2025-01-01T09:02:39Z","number":"8","summary":"Current version"},{"date":"2025-02-18T07:49:49Z","number":"9","summary":"Current version"},{"date":"2025-03-14T05:00:06Z","number":"10","summary":"Current version"},{"date":"2025-03-16T03:11:49Z","number":"11","summary":"Current version"},{"date":"2025-04-08T02:51:28Z","number":"12","summary":"Current version"},{"date":"2025-05-01T06:36:43Z","number":"13","summary":"Current version"},{"date":"2025-05-16T03:12:25Z","number":"14","summary":"Current version"},{"date":"2025-06-26T05:32:20Z","number":"15","summary":"Current version"},{"date":"2025-08-20T23:43:01Z","number":"16","summary":"Current version"},{"date":"2025-10-08T23:46:19Z","number":"17","summary":"Current version"},{"date":"2025-11-04T02:35:06Z","number":"18","summary":"Current version"},{"date":"2025-11-22T00:38:11Z","number":"19","summary":"Current version"},{"date":"2026-03-15T12:13:53Z","number":"20","summary":"unknown changes"}],"status":"interim","version":"20"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"SUSE Linux Enterprise Server 11 SP3-TERADATA","product":{"name":"SUSE Linux Enterprise Server 11 SP3-TERADATA","product_id":"SUSE Linux Enterprise Server 11 SP3-TERADATA","product_identification_helper":{"cpe":"cpe:/o:suse:sles:11:sp3:teradata"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 16.0","product":{"name":"SUSE Linux Enterprise Server 16.0","product_id":"SUSE Linux Enterprise Server 16.0","product_identification_helper":{"cpe":"cpe:/o:suse:sles:16:16.0:server"}}},{"category":"product_name","name":"SUSE OpenStack Cloud 7","product":{"name":"SUSE OpenStack Cloud 7","product_id":"SUSE OpenStack Cloud 7","product_identification_helper":{"cpe":"cpe:/o:suse:suse-openstack-cloud:7"}}},{"category":"product_name","name":"SUSE Package Hub 12","product":{"name":"SUSE Package Hub 12","product_id":"SUSE Package Hub 12","product_identification_helper":{"cpe":"cpe:/o:suse:packagehub:12"}}},{"category":"product_name","name":"SUSE Package Hub 15","product":{"name":"SUSE Package Hub 15","product_id":"SUSE Package Hub 15"}},{"category":"product_name","name":"openSUSE Tumbleweed","product":{"name":"openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed","product_identification_helper":{"cpe":"cpe:/o:opensuse:tumbleweed"}}},{"category":"product_version","name":"ansible-10-10.6.0-1.1","product":{"name":"ansible-10-10.6.0-1.1","product_id":"ansible-10-10.6.0-1.1","product_identification_helper":{"purl":"pkg:rpm/suse/ansible-10@10.6.0-1.1"}}},{"category":"product_version","name":"ansible-11-11.11.0-1.1","product":{"name":"ansible-11-11.11.0-1.1","product_id":"ansible-11-11.11.0-1.1","product_identification_helper":{"purl":"pkg:rpm/suse/ansible-11@11.11.0-1.1"}}},{"category":"product_version","name":"ansible-11.3.0-160000.3.2","product":{"name":"ansible-11.3.0-160000.3.2","product_id":"ansible-11.3.0-160000.3.2","product_identification_helper":{"cpe":"cpe:2.3:a:redhat:ansible:11.3.0:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/ansible@11.3.0-160000.3.2?upstream=ansible-11.3.0-160000.3.2.src.rpm"}}},{"category":"product_version","name":"ansible-12-12.2.0-1.1","product":{"name":"ansible-12-12.2.0-1.1","product_id":"ansible-12-12.2.0-1.1","product_identification_helper":{"purl":"pkg:rpm/suse/ansible-12@12.2.0-1.1"}}},{"category":"product_version","name":"ansible-2.2.0.0-10.1","product":{"name":"ansible-2.2.0.0-10.1","product_id":"ansible-2.2.0.0-10.1","product_identification_helper":{"cpe":"cpe:2.3:a:redhat:ansible:2.2.0.0:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/ansible@2.2.0.0-10.1?upstream=ansible-2.2.0.0-10.1.src.rpm"}}},{"category":"product_version","name":"ansible-2.2.3.0-5.1","product":{"name":"ansible-2.2.3.0-5.1","product_id":"ansible-2.2.3.0-5.1","product_identification_helper":{"cpe":"cpe:2.3:a:redhat:ansible:2.2.3.0:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/ansible@2.2.3.0-5.1?upstream=ansible-2.2.3.0-5.1.src.rpm"}}},{"category":"product_version","name":"ansible-2.4.1.0-6.1","product":{"name":"ansible-2.4.1.0-6.1","product_id":"ansible-2.4.1.0-6.1","product_identification_helper":{"cpe":"cpe:2.3:a:redhat:ansible:2.4.1.0:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/ansible@2.4.1.0-6.1?upstream=ansible-2.4.1.0-6.1.src.rpm"}}},{"category":"product_version","name":"ansible-2.7.6-bp150.3.3.1","product":{"name":"ansible-2.7.6-bp150.3.3.1","product_id":"ansible-2.7.6-bp150.3.3.1","product_identification_helper":{"cpe":"cpe:2.3:a:redhat:ansible:2.7.6:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/ansible@2.7.6-bp150.3.3.1?upstream=ansible-2.7.6-bp150.3.3.1.src.rpm"}}},{"category":"product_version","name":"ansible-2.9.24-1.2","product":{"name":"ansible-2.9.24-1.2","product_id":"ansible-2.9.24-1.2","product_identification_helper":{"cpe":"cpe:2.3:a:redhat:ansible:2.9.24:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/ansible@2.9.24-1.2?upstream=ansible-2.9.24-1.2.src.rpm"}}},{"category":"product_version","name":"ansible-9-9.8.0-1.1","product":{"name":"ansible-9-9.8.0-1.1","product_id":"ansible-9-9.8.0-1.1","product_identification_helper":{"purl":"pkg:rpm/suse/ansible-9@9.8.0-1.1"}}},{"category":"product_version","name":"ansible-doc-2.9.24-1.2","product":{"name":"ansible-doc-2.9.24-1.2","product_id":"ansible-doc-2.9.24-1.2","product_identification_helper":{"cpe":"cpe:2.3:a:redhat:ansible:2.9.24:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/ansible-doc@2.9.24-1.2?upstream=ansible-2.9.24-1.2.src.rpm"}}},{"category":"product_version","name":"ansible-test-2.9.24-1.2","product":{"name":"ansible-test-2.9.24-1.2","product_id":"ansible-test-2.9.24-1.2","product_identification_helper":{"cpe":"cpe:2.3:a:redhat:ansible:2.9.24:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/ansible-test@2.9.24-1.2?upstream=ansible-2.9.24-1.2.src.rpm"}}},{"category":"product_version","name":"monasca-installer-20170912_10.45-5.1","product":{"name":"monasca-installer-20170912_10.45-5.1","product_id":"monasca-installer-20170912_10.45-5.1","product_identification_helper":{"purl":"pkg:rpm/suse/monasca-installer@20170912_10.45-5.1?upstream=monasca-installer-20170912_10.45-5.1.src.rpm"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"ansible-2.2.0.0-10.1 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA","product_id":"SUSE Linux Enterprise Server 11 SP3-TERADATA:ansible-2.2.0.0-10.1"},"product_reference":"ansible-2.2.0.0-10.1","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP3-TERADATA"},{"category":"default_component_of","full_product_name":{"name":"ansible-11.3.0-160000.3.2 as component of SUSE Linux Enterprise Server 16.0","product_id":"SUSE Linux Enterprise Server 16.0:ansible-11.3.0-160000.3.2"},"product_reference":"ansible-11.3.0-160000.3.2","relates_to_product_reference":"SUSE Linux Enterprise Server 16.0"},{"category":"default_component_of","full_product_name":{"name":"ansible-2.2.3.0-5.1 as component of SUSE OpenStack Cloud 7","product_id":"SUSE OpenStack Cloud 7:ansible-2.2.3.0-5.1"},"product_reference":"ansible-2.2.3.0-5.1","relates_to_product_reference":"SUSE OpenStack Cloud 7"},{"category":"default_component_of","full_product_name":{"name":"monasca-installer-20170912_10.45-5.1 as component of SUSE OpenStack Cloud 7","product_id":"SUSE OpenStack Cloud 7:monasca-installer-20170912_10.45-5.1"},"product_reference":"monasca-installer-20170912_10.45-5.1","relates_to_product_reference":"SUSE OpenStack Cloud 7"},{"category":"default_component_of","full_product_name":{"name":"ansible-2.4.1.0-6.1 as component of SUSE Package Hub 12","product_id":"SUSE Package Hub 12:ansible-2.4.1.0-6.1"},"product_reference":"ansible-2.4.1.0-6.1","relates_to_product_reference":"SUSE Package Hub 12"},{"category":"default_component_of","full_product_name":{"name":"ansible-2.7.6-bp150.3.3.1 as component of SUSE Package Hub 15","product_id":"SUSE Package Hub 15:ansible-2.7.6-bp150.3.3.1"},"product_reference":"ansible-2.7.6-bp150.3.3.1","relates_to_product_reference":"SUSE Package Hub 15"},{"category":"default_component_of","full_product_name":{"name":"ansible-2.9.24-1.2 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:ansible-2.9.24-1.2"},"product_reference":"ansible-2.9.24-1.2","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"ansible-10-10.6.0-1.1 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:ansible-10-10.6.0-1.1"},"product_reference":"ansible-10-10.6.0-1.1","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"ansible-11-11.11.0-1.1 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:ansible-11-11.11.0-1.1"},"product_reference":"ansible-11-11.11.0-1.1","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"ansible-12-12.2.0-1.1 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:ansible-12-12.2.0-1.1"},"product_reference":"ansible-12-12.2.0-1.1","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"ansible-9-9.8.0-1.1 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:ansible-9-9.8.0-1.1"},"product_reference":"ansible-9-9.8.0-1.1","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"ansible-doc-2.9.24-1.2 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:ansible-doc-2.9.24-1.2"},"product_reference":"ansible-doc-2.9.24-1.2","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"ansible-test-2.9.24-1.2 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:ansible-test-2.9.24-1.2"},"product_reference":"ansible-test-2.9.24-1.2","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"ansible as component of SUSE Manager Proxy Module 4.2","product_id":"SUSE Manager Proxy Module 4.2:ansible"},"product_reference":"ansible","relates_to_product_reference":"SUSE Manager Proxy Module 4.2"},{"category":"default_component_of","full_product_name":{"name":"ansible-doc as component of SUSE Manager Proxy Module 4.2","product_id":"SUSE Manager Proxy Module 4.2:ansible-doc"},"product_reference":"ansible-doc","relates_to_product_reference":"SUSE Manager Proxy Module 4.2"}]},"vulnerabilities":[{"cve":"CVE-2017-7481","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2017-7481"}],"notes":[{"category":"general","text":"Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as 'unsafe' and is not evaluated.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Server 11 SP3-TERADATA:ansible-2.2.0.0-10.1","SUSE Linux Enterprise Server 16.0:ansible-11.3.0-160000.3.2","SUSE OpenStack Cloud 7:ansible-2.2.3.0-5.1","SUSE OpenStack Cloud 7:monasca-installer-20170912_10.45-5.1","SUSE Package Hub 12:ansible-2.4.1.0-6.1","SUSE Package Hub 15:ansible-2.7.6-bp150.3.3.1","openSUSE Tumbleweed:ansible-10-10.6.0-1.1","openSUSE Tumbleweed:ansible-11-11.11.0-1.1","openSUSE Tumbleweed:ansible-12-12.2.0-1.1","openSUSE Tumbleweed:ansible-2.9.24-1.2","openSUSE Tumbleweed:ansible-9-9.8.0-1.1","openSUSE Tumbleweed:ansible-doc-2.9.24-1.2","openSUSE Tumbleweed:ansible-test-2.9.24-1.2"]},"references":[{"category":"external","summary":"CVE-2017-7481","url":"https://www.suse.com/security/cve/CVE-2017-7481"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1038785 for CVE-2017-7481","url":"https://bugzilla.suse.com/1038785"},{"category":"external","summary":"Advisory link for SUSE-SU-2017:3029-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2017-November/003400.html"},{"category":"external","summary":"Advisory link for openSUSE-SU-2019:0238-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FH47JG2364DS3RXEQACFFT4VQTRTO2I6/#FH47JG2364DS3RXEQACFFT4VQTRTO2I6"},{"category":"external","summary":"Advisory link for openSUSE-SU-2024:14536-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7LWEIR2LXW4QRWCY6HDMLUO2OTX5OZIC/"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Server 11 SP3-TERADATA:ansible-2.2.0.0-10.1","SUSE Linux Enterprise Server 16.0:ansible-11.3.0-160000.3.2","SUSE OpenStack Cloud 7:ansible-2.2.3.0-5.1","SUSE OpenStack Cloud 7:monasca-installer-20170912_10.45-5.1","SUSE Package Hub 12:ansible-2.4.1.0-6.1","SUSE Package Hub 15:ansible-2.7.6-bp150.3.3.1","openSUSE Tumbleweed:ansible-10-10.6.0-1.1","openSUSE Tumbleweed:ansible-11-11.11.0-1.1","openSUSE Tumbleweed:ansible-12-12.2.0-1.1","openSUSE Tumbleweed:ansible-2.9.24-1.2","openSUSE Tumbleweed:ansible-9-9.8.0-1.1","openSUSE Tumbleweed:ansible-doc-2.9.24-1.2","openSUSE Tumbleweed:ansible-test-2.9.24-1.2"]},{"category":"no_fix_planned","details":"There is no fix planned for these products.\n","product_ids":["SUSE Manager Proxy Module 4.2:ansible","SUSE Manager Proxy Module 4.2:ansible-doc"]}],"scores":[{"cvss_v3":{"baseScore":5.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N","version":"3.1"},"products":["SUSE Linux Enterprise Server 11 SP3-TERADATA:ansible-2.2.0.0-10.1","SUSE Linux Enterprise Server 16.0:ansible-11.3.0-160000.3.2","SUSE OpenStack Cloud 7:ansible-2.2.3.0-5.1","SUSE OpenStack Cloud 7:monasca-installer-20170912_10.45-5.1","SUSE Package Hub 12:ansible-2.4.1.0-6.1","SUSE Package Hub 15:ansible-2.7.6-bp150.3.3.1","openSUSE Tumbleweed:ansible-10-10.6.0-1.1","openSUSE Tumbleweed:ansible-11-11.11.0-1.1","openSUSE Tumbleweed:ansible-12-12.2.0-1.1","openSUSE Tumbleweed:ansible-2.9.24-1.2","openSUSE Tumbleweed:ansible-9-9.8.0-1.1","openSUSE Tumbleweed:ansible-doc-2.9.24-1.2","openSUSE Tumbleweed:ansible-test-2.9.24-1.2"]}],"threats":[{"category":"impact","date":"2017-05-11T12:00:11Z","details":"moderate"}],"title":"CVE-2017-7481"}]}