advisory-database icon indicating copy to clipboard operation
advisory-database copied to clipboard
verified publisher icon pypa

Correction of PYSEC-2020-220.yaml. Adding fixed version

Open awsactran opened this issue 5 months ago • 2 comments

According to the maintainers/clarification https://github.com/ansible-collections/community.aws/pull/237#issuecomment-1468591094 .

The issue was fixed in version 1.2.1. Hence, I am updating the YAML to add fixed version accordingly.

awsactran avatar Jul 29 '25 16:07 awsactran

@oliverchang Apologies for tagging you here. But it seems that this PR was hanging for 3 weeks now so wondering if you can help reviewing and merging the change.

TIA

awsactran avatar Aug 19 '25 03:08 awsactran

https://access.redhat.com/security/cve/CVE-2020-25635 says:

Ansible collection aws_ssm connection community plugin 1.2.1 and previous versions until 1.0.0 when it was introduced to this plugin, are the versions affected by this flaw.

So it seems like this was actually introduced in 1.0.0 and fixed in 1.2.2?

Furthermore, this vulnerability seems to be in the https://github.com/ansible-collections/community.aws/ project, (where version 1.2.1 was created in August 2023) and not the https://pypi.org/project/ansible/ project, where version 1.2.1 was created in July 2013.

di avatar Aug 19 '25 13:08 di