[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2019-3828":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":40,"aliases":41,"duplicate_of":9,"upstream":44,"downstream":45,"duplicates":94,"related":95,"reserved_at":9,"published_at":109,"modified_at":110,"state":111,"summary":112,"references_raw":121,"kevs":200,"epss":201,"epss_history":204,"metrics":469,"affected":489},"CVE-2019-3828","Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-22","Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.","weakness","Stable","Base","High",[20,24,28,32,36],{"id":21,"name":22,"techniques":23},"CAPEC-126","Path Traversal",[],{"id":25,"name":26,"techniques":27},"CAPEC-64","Using Slashes and URL Encoding Combined to Bypass Validation Logic",[],{"id":29,"name":30,"techniques":31},"CAPEC-76","Manipulating Web Input to File System Calls",[],{"id":33,"name":34,"techniques":35},"CAPEC-78","Using Escaped Slashes in Alternate Encoding",[],{"id":37,"name":38,"techniques":39},"CAPEC-79","Using Slashes in Alternate Encoding",[],[],[42,43],"GHSA-74vq-h4q8-x6jv","PYSEC-2019-5",[],[46,48,50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82,84,86,88,90,92],{"_key":47},"ALPINE-CVE-2019-3828",{"_key":49},"RHSA-2019:0430",{"_key":51},"RHSA-2019:0431",{"_key":53},"RHSA-2019:0432",{"_key":55},"RHSA-2019:0433",{"_key":57},"RHSA-2019:3744",{"_key":59},"RHSA-2019:3789",{"_key":61},"OPENSUSE-SU-2024:14244-1",{"_key":63},"SUSE-RU-2020:2072-1",{"_key":65},"SUSE-RU-2020:2161-1",{"_key":67},"SUSE-SU-2020:1901-1",{"_key":69},"SUSE-SU-2020:3309-1",{"_key":71},"OPENSUSE-SU-2019:1858-1",{"_key":73},"UBUNTU-CVE-2019-3828",{"_key":75},"OPENSUSE-SU-2019:1125-1",{"_key":77},"OPENSUSE-SU-2019:1635-1",{"_key":79},"OPENSUSE-SU-2024:14536-1",{"_key":81},"OPENSUSE-SU-2025:15753-1",{"_key":83},"DSA-4396-1",{"_key":85},"OPENSUSE-SU-2025:15605-1",{"_key":87},"MGASA-2019-0114",{"_key":89},"USN-4072-1",{"_key":91},"DEBIAN-CVE-2019-3828",{"_key":93},"OPENSUSE-SU-2026:10944-1",[],[96,97,98,99,100,101,102,103,104,105,106,107,108],{"_key":61},{"_key":63},{"_key":65},{"_key":67},{"_key":69},{"_key":71},{"_key":75},{"_key":77},{"_key":79},{"_key":81},{"_key":85},{"_key":87},{"_key":93},"2019-03-27T00:00:00.000Z","2024-08-04T19:19:18.580Z","Modified",{"cisa_kev":113,"cisa_ransomware":113,"cisa_vendor":9,"epss_severity":114,"epss_score":115,"severity":116,"severity_score":117,"severity_version":118,"severity_source":119,"severity_vector":120,"severity_status":111},false,"low",0.00033,"medium",4.2,"v3.0","cve.org","CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",[122,131,137,142,146,150,154,159,163,167,171,175,179,183,187,192,196],{"url":123,"sources":124,"tags":127},"https://github.com/ansible/ansible/pull/52133",[119,125,126],"nvd","osv_pypi",[128,129,130],"Patch","Third Party Advisory","WEB",{"url":132,"sources":133,"tags":134},"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3828",[119,125,126],[135,128,129,130,136],"Issue Tracking","REPORT",{"url":138,"sources":139,"tags":140},"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html",[119,125,126],[141,129,130],"Vendor Advisory",{"url":143,"sources":144,"tags":145},"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html",[119,125,126],[141,129,130],{"url":147,"sources":148,"tags":149},"https://usn.ubuntu.com/4072-1/",[119,125,126],[141,129,130],{"url":151,"sources":152,"tags":153},"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html",[119,125,126],[141,129,130],{"url":155,"sources":156,"tags":157},"https://access.redhat.com/errata/RHSA-2019:3744",[119,125,126],[141,129,130,158],"Advisory",{"url":160,"sources":161,"tags":162},"https://access.redhat.com/errata/RHSA-2019:3789",[119,125,126],[141,129,130,158],{"url":164,"sources":165,"tags":166},"http://packetstormsecurity.com/files/172837/Ansible-Fetch-Path-Traversal.html",[119,125,126],[130],{"url":168,"sources":169,"tags":170},"https://nvd.nist.gov/vuln/detail/CVE-2019-3828",[126],[158],{"url":172,"sources":173,"tags":174},"https://github.com/ansible/ansible/commit/396a2f74717477d80600450e2b7e45349d7b5110",[126],[130],{"url":176,"sources":177,"tags":178},"https://github.com/ansible/ansible/commit/4be3215d2f9f84ca283895879f0c6ce1ed7dd333",[126],[130],{"url":180,"sources":181,"tags":182},"https://github.com/ansible/ansible/commit/f3edc091523fbe301926b7a0db25fbbd96940d93",[126],[130],{"url":184,"sources":185,"tags":186},"https://github.com/advisories/GHSA-74vq-h4q8-x6jv",[126],[158],{"url":188,"sources":189,"tags":190},"https://github.com/ansible/ansible",[126],[191],"PACKAGE",{"url":193,"sources":194,"tags":195},"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2019-5.yaml",[126],[130],{"url":197,"sources":198,"tags":199},"https://usn.ubuntu.com/4072-1",[126],[130],[],{"date":202,"score":115,"percentile":203},"2026-06-04",0.09976,[205,209,212,215,218,221,224,227,230,233,236,239,242,245,248,252,255,258,261,264,267,270,273,276,279,282,285,288,291,294,297,299,301,303,306,308,311,314,317,320,323,326,329,332,335,338,341,344,346,349,352,355,358,361,364,367,370,373,376,379,381,384,387,390,393,396,399,402,406,408,411,414,417,420,423,426,429,431,434,437,440,443,445,448,451,454,457,460,463,466],{"date":206,"score":207,"percentile":208},"2025-11-04",0.00039,0.11242,{"date":210,"score":207,"percentile":211},"2025-11-05",0.1127,{"date":213,"score":207,"percentile":214},"2025-11-06",0.11389,{"date":216,"score":207,"percentile":217},"2025-11-07",0.11409,{"date":219,"score":207,"percentile":220},"2025-11-08",0.11421,{"date":222,"score":207,"percentile":223},"2025-11-09",0.1139,{"date":225,"score":207,"percentile":226},"2025-11-10",0.11339,{"date":228,"score":207,"percentile":229},"2025-11-11",0.1135,{"date":231,"score":207,"percentile":232},"2025-11-12",0.11377,{"date":234,"score":207,"percentile":235},"2025-11-13",0.11403,{"date":237,"score":207,"percentile":238},"2025-11-14",0.11417,{"date":240,"score":207,"percentile":241},"2025-11-15",0.11419,{"date":243,"score":207,"percentile":244},"2025-11-16",0.11418,{"date":246,"score":207,"percentile":247},"2025-11-17",0.11397,{"date":249,"score":250,"percentile":251},"2025-11-18",0.00155,0.30866,{"date":253,"score":250,"percentile":254},"2025-11-19",0.30884,{"date":256,"score":250,"percentile":257},"2025-11-20",0.3088,{"date":259,"score":207,"percentile":260},"2025-11-21",0.11434,{"date":262,"score":207,"percentile":263},"2025-11-22",0.11445,{"date":265,"score":207,"percentile":266},"2025-11-23",0.11415,{"date":268,"score":207,"percentile":269},"2025-11-24",0.11371,{"date":271,"score":207,"percentile":272},"2025-11-25",0.11373,{"date":274,"score":207,"percentile":275},"2025-11-26",0.11364,{"date":277,"score":207,"percentile":278},"2025-11-27",0.1137,{"date":280,"score":207,"percentile":281},"2025-11-28",0.11366,{"date":283,"score":207,"percentile":284},"2025-11-29",0.11324,{"date":286,"score":207,"percentile":287},"2025-11-30",0.11321,{"date":289,"score":207,"percentile":290},"2025-12-01",0.11358,{"date":292,"score":207,"percentile":293},"2025-12-02",0.11367,{"date":295,"score":207,"percentile":296},"2025-12-03",0.11374,{"date":298,"score":207,"percentile":290},"2025-12-04",{"date":300,"score":207,"percentile":223},"2025-12-05",{"date":302,"score":207,"percentile":247},"2025-12-06",{"date":304,"score":207,"percentile":305},"2025-12-07",0.11387,{"date":307,"score":207,"percentile":223},"2025-12-08",{"date":309,"score":207,"percentile":310},"2025-12-09",0.11436,{"date":312,"score":207,"percentile":313},"2025-12-10",0.11499,{"date":315,"score":207,"percentile":316},"2025-12-11",0.11533,{"date":318,"score":207,"percentile":319},"2025-12-12",0.11563,{"date":321,"score":207,"percentile":322},"2025-12-13",0.11573,{"date":324,"score":207,"percentile":325},"2025-12-14",0.11564,{"date":327,"score":207,"percentile":328},"2025-12-15",0.11515,{"date":330,"score":207,"percentile":331},"2025-12-16",0.11508,{"date":333,"score":207,"percentile":334},"2025-12-17",0.11592,{"date":336,"score":207,"percentile":337},"2025-12-18",0.11639,{"date":339,"score":207,"percentile":340},"2025-12-19",0.11656,{"date":342,"score":207,"percentile":343},"2025-12-20",0.11657,{"date":345,"score":207,"percentile":337},"2025-12-21",{"date":347,"score":207,"percentile":348},"2025-12-22",0.11606,{"date":350,"score":207,"percentile":351},"2025-12-23",0.11605,{"date":353,"score":207,"percentile":354},"2025-12-24",0.11619,{"date":356,"score":207,"percentile":357},"2025-12-25",0.11687,{"date":359,"score":207,"percentile":360},"2025-12-26",0.11669,{"date":362,"score":207,"percentile":363},"2025-12-27",0.11685,{"date":365,"score":207,"percentile":366},"2025-12-28",0.11663,{"date":368,"score":207,"percentile":369},"2025-12-29",0.11612,{"date":371,"score":207,"percentile":372},"2025-12-30",0.11588,{"date":374,"score":207,"percentile":375},"2025-12-31",0.1163,{"date":377,"score":207,"percentile":378},"2026-01-01",0.1167,{"date":380,"score":207,"percentile":343},"2026-01-02",{"date":382,"score":207,"percentile":383},"2026-01-03",0.11618,{"date":385,"score":207,"percentile":386},"2026-01-04",0.11548,{"date":388,"score":207,"percentile":389},"2026-01-05",0.1151,{"date":391,"score":207,"percentile":392},"2026-01-06",0.11519,{"date":394,"score":207,"percentile":395},"2026-01-07",0.11555,{"date":397,"score":207,"percentile":398},"2026-01-08",0.11604,{"date":400,"score":207,"percentile":401},"2026-01-09",0.11631,{"date":403,"score":404,"percentile":405},"2026-01-10",0.00038,0.11347,{"date":407,"score":404,"percentile":284},"2026-01-11",{"date":409,"score":404,"percentile":410},"2026-01-12",0.11296,{"date":412,"score":404,"percentile":413},"2026-01-13",0.11271,{"date":415,"score":404,"percentile":416},"2026-01-14",0.11325,{"date":418,"score":404,"percentile":419},"2026-01-15",0.11331,{"date":421,"score":404,"percentile":422},"2026-01-16",0.11372,{"date":424,"score":404,"percentile":425},"2026-01-17",0.11381,{"date":427,"score":404,"percentile":428},"2026-01-18",0.11336,{"date":430,"score":404,"percentile":413},"2026-01-19",{"date":432,"score":404,"percentile":433},"2026-01-20",0.11252,{"date":435,"score":404,"percentile":436},"2026-01-21",0.11226,{"date":438,"score":404,"percentile":439},"2026-01-22",0.11218,{"date":441,"score":404,"percentile":442},"2026-01-23",0.11307,{"date":444,"score":404,"percentile":278},"2026-01-24",{"date":446,"score":404,"percentile":447},"2026-01-25",0.11326,{"date":449,"score":404,"percentile":450},"2026-01-26",0.11266,{"date":452,"score":404,"percentile":453},"2026-01-27",0.11249,{"date":455,"score":404,"percentile":456},"2026-01-28",0.1124,{"date":458,"score":404,"percentile":459},"2026-01-29",0.11215,{"date":461,"score":404,"percentile":462},"2026-01-30",0.11238,{"date":464,"score":404,"percentile":465},"2026-01-31",0.11248,{"date":467,"score":404,"percentile":468},"2026-02-01",0.11245,[470,475,484],{"source":119,"cvss_v2_0":9,"cvss_v3_0":471,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":117,"baseSeverity":472,"vectorString":120,"impactScore":473,"exploitabilityScore":474},"MEDIUM",4.5,2.8,{"source":125,"cvss_v2_0":476,"cvss_v3_0":481,"cvss_v3_1":482,"cvss_v4_0":9},{"baseScore":477,"baseSeverity":9,"vectorString":478,"impactScore":479,"exploitabilityScore":480},3.3,"AV:L/AC:M/Au:N/C:P/I:P/A:N",4.9,3.4,{"baseScore":117,"baseSeverity":472,"vectorString":120,"impactScore":473,"exploitabilityScore":474},{"baseScore":117,"baseSeverity":472,"vectorString":483,"impactScore":473,"exploitabilityScore":474},"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",{"source":126,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":485,"cvss_v4_0":486},{"baseScore":117,"baseSeverity":9,"vectorString":483,"impactScore":473,"exploitabilityScore":474},{"baseScore":487,"baseSeverity":9,"vectorString":488,"impactScore":9,"exploitabilityScore":9},2.4,"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",[490,513,521],{"ecosystem":491,"name":492,"vendor":491,"product":492,"cpe_part":9,"purl_type":493,"purl_namespace":9,"purl_name":492,"source":9,"versions":494},"PyPI","ansible","pypi",[495,501,506,510],{"version":496,"is_range":497,"range_type":498,"version_start":9,"version_start_type":9,"version_end":499,"version_end_type":500,"fixed_in":9},"lt2_5_15",true,"ecosystem","2.5.15","excluding",{"version":502,"is_range":497,"range_type":498,"version_start":503,"version_start_type":504,"version_end":505,"version_end_type":500,"fixed_in":9},"gte2_6_0a1_lt2_6_14","2.6.0a1","including","2.6.14",{"version":507,"is_range":497,"range_type":498,"version_start":508,"version_start_type":504,"version_end":509,"version_end_type":500,"fixed_in":9},"gte2_7_0a1_lt2_7_8","2.7.0a1","2.7.8",{"version":511,"is_range":497,"range_type":498,"version_start":512,"version_start_type":504,"version_end":509,"version_end_type":500,"fixed_in":9},"gte2_7_0_lt2_7_8","2.7.0",{"ecosystem":9,"name":514,"vendor":515,"product":492,"cpe_part":516,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":517},"Ansible","red hat","a",[518,519,520],{"version":499,"is_range":113,"range_type":119,"version_start":499,"version_start_type":504,"version_end":499,"version_end_type":504,"fixed_in":9},{"version":505,"is_range":113,"range_type":119,"version_start":505,"version_start_type":504,"version_end":505,"version_end_type":504,"fixed_in":9},{"version":509,"is_range":113,"range_type":119,"version_start":509,"version_start_type":504,"version_end":509,"version_end_type":504,"fixed_in":9},{"ecosystem":9,"name":492,"vendor":522,"product":492,"cpe_part":516,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":523},"redhat",[524,528,531],{"version":525,"is_range":497,"range_type":526,"version_start":527,"version_start_type":504,"version_end":499,"version_end_type":500,"fixed_in":9},"gte2.5.0_lt2.5.15","cpe","2.5.0",{"version":529,"is_range":497,"range_type":526,"version_start":530,"version_start_type":504,"version_end":505,"version_end_type":500,"fixed_in":9},"gte2.6.0_lt2.6.14","2.6.0",{"version":532,"is_range":497,"range_type":526,"version_start":512,"version_start_type":504,"version_end":509,"version_end_type":500,"fixed_in":9},"gte2.7.0_lt2.7.8"]