[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2015-6240":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":195,"aliases":196,"duplicate_of":9,"upstream":199,"downstream":200,"duplicates":209,"related":210,"reserved_at":9,"published_at":211,"modified_at":212,"state":213,"summary":214,"references_raw":223,"kevs":269,"epss":270,"epss_history":273,"metrics":539,"affected":555},"CVE-2015-6240","The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-59","Improper Link Resolution Before File Access ('Link Following')","The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.","weakness","Draft","Base","Medium",[20,101,162,191],{"id":21,"name":22,"techniques":23},"CAPEC-132","Symlink Attack",[24],{"id":25,"name":26,"tactics":27,"countermeasures":34},"T1547.009","Shortcut Modification",[28,31],{"id":29,"name":30},"TA0110","Persistence",{"id":32,"name":33},"TA0111","Privilege Escalation",[35,40,44,48,52,57,62,67,72,77,81,85,89,93,97],{"id":36,"name":37,"tactic":38},"D3-FA","File Analysis",{"name":39},"Detect",{"id":41,"name":42,"tactic":43},"D3-FIM","File Integrity Monitoring",{"name":39},{"id":45,"name":46,"tactic":47},"D3-DA","Dynamic Analysis",{"name":39},{"id":49,"name":50,"tactic":51},"D3-EFA","Emulated File Analysis",{"name":39},{"id":53,"name":54,"tactic":55},"D3-FEV","File Eviction",{"name":56},"Evict",{"id":58,"name":59,"tactic":60},"D3-DF","Decoy File",{"name":61},"Deceive",{"id":63,"name":64,"tactic":65},"D3-FE","File Encryption",{"name":66},"Harden",{"id":68,"name":69,"tactic":70},"D3-RF","Restore File",{"name":71},"Restore",{"id":73,"name":74,"tactic":75},"D3-CF","Content Filtering",{"name":76},"Isolate",{"id":78,"name":79,"tactic":80},"D3-LFP","Local File Permissions",{"name":76},{"id":82,"name":83,"tactic":84},"D3-RFAM","Remote File Access Mediation",{"name":76},{"id":86,"name":87,"tactic":88},"D3-CQ","Content Quarantine",{"name":76},{"id":90,"name":91,"tactic":92},"D3-CM","Content Modification",{"name":76},{"id":94,"name":95,"tactic":96},"D3-EAL","Executable Allowlisting",{"name":76},{"id":98,"name":99,"tactic":100},"D3-EDL","Executable Denylisting",{"name":76},{"id":102,"name":103,"techniques":104},"CAPEC-17","Using Malicious Files",[105,142],{"id":106,"name":107,"tactics":108,"countermeasures":120},"T1574.005","Executable Installer File Permissions Weakness",[109,110,111,114,117],{"id":29,"name":30},{"id":32,"name":33},{"id":112,"name":113},"TA0030","Defense Evasion",{"id":115,"name":116},"TA0005","Stealth",{"id":118,"name":119},"TA0104","Execution",[121,126,130,134,138],{"id":122,"name":123,"tactic":124},"D3-SWI","Software Inventory",{"name":125},"Model",{"id":127,"name":128,"tactic":129},"D3-AVE","Asset Vulnerability Enumeration",{"name":125},{"id":131,"name":132,"tactic":133},"D3-SBV","Service Binary Verification",{"name":39},{"id":135,"name":136,"tactic":137},"D3-SU","Software Update",{"name":66},{"id":139,"name":140,"tactic":141},"D3-RS","Restore Software",{"name":71},{"id":143,"name":144,"tactics":145,"countermeasures":151},"T1574.010","Services File Permissions Weakness",[146,147,148,149,150],{"id":29,"name":30},{"id":32,"name":33},{"id":112,"name":113},{"id":115,"name":116},{"id":118,"name":119},[152,154,156,158,160],{"id":122,"name":123,"tactic":153},{"name":125},{"id":127,"name":128,"tactic":155},{"name":125},{"id":131,"name":132,"tactic":157},{"name":39},{"id":135,"name":136,"tactic":159},{"name":66},{"id":139,"name":140,"tactic":161},{"name":71},{"id":163,"name":164,"techniques":165},"CAPEC-35","Leverage Executable Code in Non-Executable Files",[166,173,180],{"id":167,"name":168,"tactics":169,"countermeasures":172},"T1027.006","HTML Smuggling",[170,171],{"id":112,"name":113},{"id":115,"name":116},[],{"id":174,"name":175,"tactics":176,"countermeasures":179},"T1027.009","Embedded Payloads",[177,178],{"id":112,"name":113},{"id":115,"name":116},[],{"id":181,"name":182,"tactics":183,"countermeasures":186},"T1564.009","Resource Forking",[184,185],{"id":112,"name":113},{"id":115,"name":116},[187],{"id":188,"name":189,"tactic":190},"D3-FFV","File Format Verification",{"name":76},{"id":192,"name":193,"techniques":194},"CAPEC-76","Manipulating Web Input to File System Calls",[],[],[197,198],"GHSA-wwwh-47wp-m522","PYSEC-2017-3",[],[201,203,205,207],{"_key":202},"UBUNTU-CVE-2015-6240",{"_key":204},"DLA-1923-1",{"_key":206},"DEBIAN-CVE-2015-6240",{"_key":208},"USN-7330-1",[],[],"2017-06-07T20:00:00.000Z","2024-08-06T07:15:13.380Z","Modified",{"cisa_kev":215,"cisa_ransomware":215,"cisa_vendor":9,"epss_severity":216,"epss_score":217,"severity":218,"severity_score":219,"severity_version":220,"severity_source":221,"severity_vector":222,"severity_status":213},false,"low",0.00043,"high",7.8,"v3.0","nvd","CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",[224,234,241,247,251,255,260,265],{"url":225,"sources":226,"tags":229},"https://github.com/ansible/ansible/commit/ca2f2c4ebd7b5e097eab0a710f79c1f63badf95b",[227,221,228],"cve.org","osv_pypi",[230,231,232,233],"X Refsource CONFIRM","Patch","WEB","FIX",{"url":235,"sources":236,"tags":237},"http://www.openwall.com/lists/oss-security/2015/08/17/10",[227,221,228],[238,239,240,232],"Mailing List","X Refsource MLIST","Third Party Advisory",{"url":242,"sources":243,"tags":244},"https://bugzilla.redhat.com/show_bug.cgi?id=1243468",[227,221,228],[230,245,240,232,246],"Issue Tracking","REPORT",{"url":248,"sources":249,"tags":250},"https://github.com/ansible/ansible/commit/952166f48eb0f5797b75b160fd156bbe1e8fc647",[227,221,228],[230,231,232,233],{"url":252,"sources":253,"tags":254},"https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html",[227,221,228],[238,239,232],{"url":256,"sources":257,"tags":258},"https://nvd.nist.gov/vuln/detail/CVE-2015-6240",[228],[259],"Advisory",{"url":261,"sources":262,"tags":263},"https://github.com/ansible/ansible",[228],[264],"PACKAGE",{"url":266,"sources":267,"tags":268},"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2017-3.yaml",[228],[232],[],{"date":271,"score":217,"percentile":272},"2026-06-04",0.13416,[274,278,281,284,287,290,293,296,299,302,305,308,311,314,317,320,323,326,329,332,335,338,341,344,347,350,353,356,359,362,365,367,370,373,376,379,382,385,388,391,394,397,400,403,406,409,412,415,418,421,424,427,430,432,435,438,441,444,447,450,453,456,459,462,465,468,471,474,477,480,483,486,489,492,494,497,500,503,506,508,511,514,517,520,523,525,527,530,533,536],{"date":275,"score":276,"percentile":277},"2025-11-04",0.00029,0.06962,{"date":279,"score":276,"percentile":280},"2025-11-05",0.06984,{"date":282,"score":276,"percentile":283},"2025-11-06",0.07101,{"date":285,"score":276,"percentile":286},"2025-11-07",0.07125,{"date":288,"score":276,"percentile":289},"2025-11-08",0.07119,{"date":291,"score":276,"percentile":292},"2025-11-09",0.07091,{"date":294,"score":276,"percentile":295},"2025-11-10",0.07058,{"date":297,"score":276,"percentile":298},"2025-11-11",0.07083,{"date":300,"score":276,"percentile":301},"2025-11-12",0.07075,{"date":303,"score":276,"percentile":304},"2025-11-13",0.07108,{"date":306,"score":276,"percentile":307},"2025-11-14",0.07149,{"date":309,"score":276,"percentile":310},"2025-11-15",0.07175,{"date":312,"score":276,"percentile":313},"2025-11-16",0.07186,{"date":315,"score":276,"percentile":316},"2025-11-17",0.07176,{"date":318,"score":276,"percentile":319},"2025-11-18",0.04256,{"date":321,"score":276,"percentile":322},"2025-11-19",0.04296,{"date":324,"score":276,"percentile":325},"2025-11-20",0.04354,{"date":327,"score":276,"percentile":328},"2025-11-21",0.0729,{"date":330,"score":276,"percentile":331},"2025-11-22",0.07294,{"date":333,"score":276,"percentile":334},"2025-11-23",0.07287,{"date":336,"score":276,"percentile":337},"2025-11-24",0.07272,{"date":339,"score":276,"percentile":340},"2025-11-25",0.07279,{"date":342,"score":276,"percentile":343},"2025-11-26",0.07285,{"date":345,"score":276,"percentile":346},"2025-11-27",0.07282,{"date":348,"score":276,"percentile":349},"2025-11-28",0.07268,{"date":351,"score":276,"percentile":352},"2025-11-29",0.07309,{"date":354,"score":276,"percentile":355},"2025-11-30",0.07316,{"date":357,"score":276,"percentile":358},"2025-12-01",0.07356,{"date":360,"score":276,"percentile":361},"2025-12-02",0.0737,{"date":363,"score":276,"percentile":364},"2025-12-03",0.0739,{"date":366,"score":276,"percentile":361},"2025-12-04",{"date":368,"score":276,"percentile":369},"2025-12-05",0.07412,{"date":371,"score":276,"percentile":372},"2025-12-06",0.07425,{"date":374,"score":276,"percentile":375},"2025-12-07",0.07424,{"date":377,"score":276,"percentile":378},"2025-12-08",0.07439,{"date":380,"score":276,"percentile":381},"2025-12-09",0.07491,{"date":383,"score":276,"percentile":384},"2025-12-10",0.0756,{"date":386,"score":276,"percentile":387},"2025-12-11",0.07569,{"date":389,"score":276,"percentile":390},"2025-12-12",0.07582,{"date":392,"score":276,"percentile":393},"2025-12-13",0.07592,{"date":395,"score":276,"percentile":396},"2025-12-14",0.07577,{"date":398,"score":276,"percentile":399},"2025-12-15",0.07521,{"date":401,"score":276,"percentile":402},"2025-12-16",0.07557,{"date":404,"score":276,"percentile":405},"2025-12-17",0.07645,{"date":407,"score":276,"percentile":408},"2025-12-18",0.07708,{"date":410,"score":276,"percentile":411},"2025-12-19",0.07696,{"date":413,"score":276,"percentile":414},"2025-12-20",0.07687,{"date":416,"score":276,"percentile":417},"2025-12-21",0.07667,{"date":419,"score":276,"percentile":420},"2025-12-22",0.07618,{"date":422,"score":276,"percentile":423},"2025-12-23",0.07599,{"date":425,"score":276,"percentile":426},"2025-12-24",0.07611,{"date":428,"score":276,"percentile":429},"2025-12-25",0.07689,{"date":431,"score":276,"percentile":411},"2025-12-26",{"date":433,"score":276,"percentile":434},"2025-12-27",0.07685,{"date":436,"score":276,"percentile":437},"2025-12-28",0.07697,{"date":439,"score":276,"percentile":440},"2025-12-29",0.07678,{"date":442,"score":276,"percentile":443},"2025-12-30",0.07648,{"date":445,"score":276,"percentile":446},"2025-12-31",0.07679,{"date":448,"score":276,"percentile":449},"2026-01-01",0.07748,{"date":451,"score":276,"percentile":452},"2026-01-02",0.07747,{"date":454,"score":276,"percentile":455},"2026-01-03",0.07752,{"date":457,"score":276,"percentile":458},"2026-01-04",0.0768,{"date":460,"score":276,"percentile":461},"2026-01-05",0.07631,{"date":463,"score":276,"percentile":464},"2026-01-06",0.07621,{"date":466,"score":276,"percentile":467},"2026-01-07",0.07654,{"date":469,"score":276,"percentile":470},"2026-01-08",0.07728,{"date":472,"score":276,"percentile":473},"2026-01-09",0.07738,{"date":475,"score":276,"percentile":476},"2026-01-10",0.07761,{"date":478,"score":276,"percentile":479},"2026-01-11",0.07746,{"date":481,"score":276,"percentile":482},"2026-01-12",0.07721,{"date":484,"score":276,"percentile":485},"2026-01-13",0.07694,{"date":487,"score":276,"percentile":488},"2026-01-14",0.07729,{"date":490,"score":276,"percentile":491},"2026-01-15",0.07727,{"date":493,"score":276,"percentile":449},"2026-01-16",{"date":495,"score":276,"percentile":496},"2026-01-17",0.07759,{"date":498,"score":276,"percentile":499},"2026-01-18",0.0774,{"date":501,"score":276,"percentile":502},"2026-01-19",0.0771,{"date":504,"score":276,"percentile":505},"2026-01-20",0.0767,{"date":507,"score":276,"percentile":467},"2026-01-21",{"date":509,"score":276,"percentile":510},"2026-01-22",0.0764,{"date":512,"score":276,"percentile":513},"2026-01-23",0.07736,{"date":515,"score":276,"percentile":516},"2026-01-24",0.07784,{"date":518,"score":276,"percentile":519},"2026-01-25",0.07768,{"date":521,"score":276,"percentile":522},"2026-01-26",0.07733,{"date":524,"score":276,"percentile":482},"2026-01-27",{"date":526,"score":276,"percentile":434},"2026-01-28",{"date":528,"score":276,"percentile":529},"2026-01-29",0.07663,{"date":531,"score":276,"percentile":532},"2026-01-30",0.07673,{"date":534,"score":276,"percentile":535},"2026-01-31",0.07691,{"date":537,"score":276,"percentile":538},"2026-02-01",0.07718,[540,550],{"source":221,"cvss_v2_0":541,"cvss_v3_0":546,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":542,"baseSeverity":9,"vectorString":543,"impactScore":544,"exploitabilityScore":545},7.2,"AV:L/AC:L/Au:N/C:C/I:C/A:C",10,3.9,{"baseScore":219,"baseSeverity":547,"vectorString":222,"impactScore":548,"exploitabilityScore":549},"HIGH",9.8,4.6,{"source":228,"cvss_v2_0":9,"cvss_v3_0":551,"cvss_v3_1":9,"cvss_v4_0":552},{"baseScore":219,"baseSeverity":9,"vectorString":222,"impactScore":548,"exploitabilityScore":549},{"baseScore":553,"baseSeverity":9,"vectorString":554,"impactScore":9,"exploitabilityScore":9},8.5,"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",[556,570],{"ecosystem":557,"name":558,"vendor":557,"product":558,"cpe_part":9,"purl_type":559,"purl_namespace":9,"purl_name":558,"source":9,"versions":560},"PyPI","ansible","pypi",[561,567],{"version":562,"is_range":563,"range_type":564,"version_start":9,"version_start_type":9,"version_end":565,"version_end_type":566,"fixed_in":9},"lt952166f48eb0f5797b75b160fd156bbe1e8fc647",true,"ecosystem","952166f48eb0f5797b75b160fd156bbe1e8fc647","excluding",{"version":568,"is_range":563,"range_type":564,"version_start":9,"version_start_type":9,"version_end":569,"version_end_type":566,"fixed_in":9},"lt1_9_2","1.9.2",{"ecosystem":9,"name":558,"vendor":571,"product":558,"cpe_part":572,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":573},"redhat","a",[574],{"version":575,"is_range":563,"range_type":576,"version_start":9,"version_start_type":9,"version_end":577,"version_end_type":578,"fixed_in":9},"lte1.9.1","cpe","1.9.1","including"]