Any details (report upstream, fixing commits, etc ...) on this issue available?
Hi @carnil, You can refer the below link regarding the possible fix : github.com/dalrrard/ansible/blob/devel/lib/ansible/module_utils/connection.py
(In reply to Salvatore Bonaccorso from comment #3) > Any details (report upstream, fixing commits, etc ...) on this issue > available? fe28767 [0] seems to be the fixing commit, if you find something more please share. [0] https://github.com/dalrrard/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0
This issue has been addressed in the following products: Red Hat Ansible Engine 2.9 for RHEL 7 Red Hat Ansible Engine 2.9 for RHEL 8 Via RHSA-2021:3871 https://access.redhat.com/errata/RHSA-2021:3871
This issue has been addressed in the following products: Red Hat Ansible Engine 2 for RHEL 7 Red Hat Ansible Engine 2 for RHEL 8 Via RHSA-2021:3872 https://access.redhat.com/errata/RHSA-2021:3872
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-3620
This issue has been addressed in the following products: Red Hat Ansible Automation Platform 2.0 for RHEL 8 Via RHSA-2021:3874 https://access.redhat.com/errata/RHSA-2021:3874
This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Red Hat Virtualization Engine 4.4 Red Hat Virtualization 4 Tools for Red Hat Enterprise Linux 8 Via RHSA-2021:4703 https://access.redhat.com/errata/RHSA-2021:4703
This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Via RHSA-2021:4750 https://access.redhat.com/errata/RHSA-2021:4750
Hi @psampaio, Yes, we do have the "Fixed In" version for this bug. The concerned bug i.e. CVE-2021-3620 has been fixed in Ansible Engine 2.9.27. Please refer https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes for the same. Let me know if you need any further info on this.