The file was added in #62 as part of the win_psmodule_info integration test suite. I don't think this is a security problem, since that program which has the vulnerabilities is not used (and thus the vulnerabilities have no affect), but it will be flagged by some security scanners when looking at the collection (when installed via ansible-galaxy collection install, for example in EEs), or when scanning the Ansible community package source distribution.
It's probably a good idea to upgrade that program, or replace it by something even more harmless.
SUMMARY
Ref: https://forum.ansible.com/t/ansible-vault-0-3-0-vulnerability/3256/2
The file was added in #62 as part of the win_psmodule_info integration test suite. I don't think this is a security problem, since that program which has the vulnerabilities is not used (and thus the vulnerabilities have no affect), but it will be flagged by some security scanners when looking at the collection (when installed via
ansible-galaxy collection install
, for example in EEs), or when scanning the Ansible community package source distribution.It's probably a good idea to upgrade that program, or replace it by something even more harmless.
ISSUE TYPE
COMPONENT NAME
win_psmodule_info integration tests