88008badb1
* Fix nxos_file_copy option value path validation * Modify `local_file`, `local_file_directory` and `remote_file` option type from `str` to `path` so that the option value is validated in Ansible for a legitimate path value * Fix review comments
6 lines
494 B
YAML
6 lines
494 B
YAML
bugfixes:
|
|
- "CVE-2019-14905 - nxos_file_copy module accepts remote_file parameter which is used for destination name
|
|
and performs actions related to that on the device using the value of remote_file which is of string type
|
|
However, there is no user input validation done while performing actions. A malicious code could crafts
|
|
the filename parameter to take advantage by performing an OS command injection. This fix validates the
|
|
option value if it is legitimate file path or not."
|