{"id":"CVE-2023-5764","details":"A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data.","aliases":["GHSA-7j69-qfc3-2fq9"],"modified":"2026-04-02T09:47:06.478131Z","published":"2023-12-12T22:15:22.747Z","related":["SUSE-SU-2024:1427-1","SUSE-SU-2024:1509-1","openSUSE-SU-2024:13485-1","openSUSE-SU-2024:13486-1","openSUSE-SU-2024:14251-1","openSUSE-SU-2024:14537-1","openSUSE-SU-2025:15638-1","openSUSE-SU-2025:15754-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X7Q6CHPVCHMZS5M7V22GOKFSXZAQ24EU/"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20241025-0001/"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2023:7773"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2023-5764"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2247629"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ansible/ansible","events":[{"introduced":"0"},{"fixed":"1acaaadd0bcb416237410050dfd1ab1eeaabc046"},{"introduced":"748096552f96937f6e912e39b857f37b91563576"},{"fixed":"e5fd1dae573abca8103b0efbba9a517add9f541c"},{"introduced":"0"},{"last_affected":"704ee70943c3e3ab7aeaa448f208a94220c02e6b"},{"introduced":"0"},{"last_affected":"2223709bddc3b8481dc2cc6924b0498a3ebf5de9"},{"introduced":"0"},{"last_affected":"2f944d87f694593cf1b8838b91bc9b87cad05068"},{"introduced":"0"},{"last_affected":"f67c13f8f10a6f8e0343a3c3d4e8ad7737ed28ab"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.14.12"},{"introduced":"2.15.0"},{"fixed":"2.15.7"},{"introduced":"0"},{"last_affected":"2.16.0-NA"},{"introduced":"0"},{"last_affected":"2.16.0-rc1"},{"introduced":"0"},{"last_affected":"1.1"},{"introduced":"0"},{"last_affected":"1.2"}]}}],"versions":["0.0.1","0.0.2","0.01","0.3","0.3.1","0.4","0.4.1","0.5","0.6","0.7","0.7.1","0.7.2","0.8","v0.9","v1.0","v1.1","v2.15.0","v2.15.1","v2.15.1rc1","v2.15.2","v2.15.2rc1","v2.15.3","v2.15.3rc1","v2.15.4","v2.15.4rc1","v2.15.5","v2.15.5rc1","v2.15.6","v2.15.6rc1","v2.15.7rc1"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"2.16.0-beta1"}]},{"events":[{"introduced":"0"},{"last_affected":"2.16.0-beta2"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"38"}]},{"events":[{"introduced":"0"},{"last_affected":"39"}]},{"events":[{"introduced":"0"},{"last_affected":"2.4"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-5764.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}