1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
community.general/lib/ansible/template
James Cammarata ed56f51f18 Fixing security issue with lookup returns not tainting the jinja2 environment
CVE-2017-7481

Lookup returns wrap the result in unsafe, however when used through the
standard templar engine, this does not result in the jinja2 environment being
marked as unsafe as a whole. This means the lookup result looses the unsafe
protection and may become simple unicode strings, which can result in bad
things being re-templated.

This also adds a global lookup param and cfg options for lookups to allow
unsafe returns, so users can force the previous (insecure) behavior.
2017-05-08 12:43:46 -05:00
..
__init__.py Fixing security issue with lookup returns not tainting the jinja2 environment 2017-05-08 12:43:46 -05:00
safe_eval.py Update module_utils.six to latest (#22855) 2017-03-23 13:35:05 -07:00
template.py Fixing security bugs for CVE-2016-9587 2017-01-09 10:43:03 -06:00
vars.py Update module_utils.six to latest (#22855) 2017-03-23 13:35:05 -07:00