1. ansible
  2. changelogs
  3. fragments
  4. nxos_file_copy_path_issue.yml
Raw Blame History 
bugfixes:
- "CVE-2019-14905 - nxos_file_copy module accepts remote_file parameter which is used for destination name
   and performs actions related to that on the device using the value of remote_file which is of string type
   However, there is no user input validation done while performing actions. A malicious code could crafts
   the filename parameter to take advantage by performing an OS command injection. This fix validates the
   option value if it is legitimate file path or not."