diff --git a/CVE-2020-10744.patch b/CVE-2020-10744.patch
new file mode 100644
index 0000000000000000000000000000000000000000..06c910e6cc392c0f03247c6b44d50dd61e2af8c4
--- /dev/null
+++ b/CVE-2020-10744.patch
@@ -0,0 +1,25 @@
+From 51a44fb3cdb970c1b6836cdbb1504b7618303d7f Mon Sep 17 00:00:00 2001
+From: Brian Kohles
+Date: Fri, 17 Sep 2021 11:16:13 +0800
+Subject: [PATCH] Fix missing quoting for remote_tmp in second mkdir of
+shell module.Issue #69577
+
+---
+ lib/ansible/plugins/shell/__init__.py | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/lib/ansible/plugins/shell/__init__.py b/lib/ansible/plugins/shell/__init__.py
+index 0c035b1..29f6b55 100644
+--- a/lib/ansible/plugins/shell/__init__.py
++++ b/lib/ansible/plugins/shell/__init__.py
+@@ -152,6 +152,7 @@ class ShellBase(AnsiblePlugin):
+ basetmp = self.join_path(basetmpdir, basefile)
+
+ cmd = 'mkdir -p %s echo %s %s' % (self._SHELL_SUB_LEFT, basetmp, self._SHELL_SUB_RIGHT)
++ cmd += '%s mkdir %s echo %s' % (self._SHELL_AND,self._SHELL_SUB_LEFT,basetmp,self._SHELL_SUB_RIGHT)
+ cmd += ' %s echo %s=%s echo %s %s' % (self._SHELL_AND, basefile, self._SHELL_SUB_LEFT, basetmp, self._SHELL_SUB_RIGHT)
+
+ # change the umask in a subshell to achieve the desired mode
+-- 
+2.27.0
+
diff --git a/ansible.spec b/ansible.spec
index 65aaa38a9c5e7bc2c8da9e476ac9f3b30b40cb95..e1bacd0cde9c532774af59c2299ee153c566d8f5 100644
--- a/ansible.spec
+++ b/ansible.spec
@@ -3,12 +3,13 @@
 Name: ansible
 Summary: SSH-based configuration management, deployment, and task execution system
 Version: 2.5.5
-Release: 1
+Release: 2
 License: Python-2.0 and MIT and GPL+
 Url: http://ansible.com
 Source0: https://releases.ansible.com/ansible/%{name}-%{version}.tar.gz
 Patch0: 0001-Changes-to-support-building-docs-with-old-jinja2.patch
 Patch100: ansible-newer-jinja.patch
+Patch101: CVE-2020-10744.patch
 BuildArch: noarch
 Provides: ansible-fireball = %{version}-%{release}
 Obsoletes: ansible-fireball < 1.2.4
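Review bot: In the new CVE-2020-10744.patch, the line added to lib/ansible/plugins/shell/__init__.py passes four arguments to a format string with only three `%s` placeholders, so it raises `TypeError: not all arguments converted during string formatting` as soon as this code path runs. The line should read `cmd += '%s mkdir %s echo %s %s' % (self._SHELL_AND, self._SHELL_SUB_LEFT, basetmp, self._SHELL_SUB_RIGHT)`. Separately, the context line above it still runs `mkdir -p` on `basetmp`, so even with the format fixed the second, non-`-p` `mkdir` of the same path would find the directory already present, fail, and short-circuit the `_SHELL_AND` chain. The second `mkdir` is presumably meant to fail when the final directory already exists, in which case the first call should create only the parent: `cmd = 'mkdir -p %s echo %s %s' % (self._SHELL_SUB_LEFT, basetmpdir, self._SHELL_SUB_RIGHT)`. The enclosing method starts and ends outside the hunk, so confirm against the full file, and consider a `%check` step in the spec that exercises temp-directory creation so a broken backport fails the build.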
@@ -63,6 +64,7 @@ This package installs extensive documentation for ansible %setup -q %patch0 -p1 %patch100 -p1 +%patch101 -p1 %if 0%{?with_python3} rm -rf %{py3dir} cp -a . %{py3dir} @@ -123,5 +125,8 @@ cp -pr docs/docsite/rst . %endif %changelog +* Fri Sep 17 2021 liwu - 2.5.5-2 +- fix CVE-2020-10744 + * Tue Jan 12 2021 yanan li - 2.5.5-1 - Package init