ansible/changelogs/fragments/nxos_file_copy_path_issue.yml

bugfixes:
- "CVE-2019-14905 - nxos_file_copy module accepts remote_file parameter which is used for destination name
   and performs actions related to that on the device using the value of remote_file which is of string type
   However, there is no user input validation done while performing actions. A malicious code could crafts
   the filename parameter to take advantage by performing an OS command injection. This fix validates the
   option value if it is legitimate file path or not."
Fix nxos_file_copy option value path validation (#65423) * Fix nxos_file_copy option value path validation * Modify `local_file`, `local_file_directory` and `remote_file` option type from `str` to `path` so that the option value is validated in Ansible for a legitimate path value * Fix review comments 2019-12-15 06:11:33 +01:00			`bugfixes:`
			`- "CVE-2019-14905 - nxos_file_copy module accepts remote_file parameter which is used for destination name`
			`and performs actions related to that on the device using the value of remote_file which is of string type`
			`However, there is no user input validation done while performing actions. A malicious code could crafts`
			`the filename parameter to take advantage by performing an OS command injection. This fix validates the`
			`option value if it is legitimate file path or not."`