Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/34525?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/34525?format=api", "purl": "pkg:pypi/salt@3006.2", "type": "pypi", "namespace": "", "name": "salt", "version": "3006.2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3006.17", "latest_non_vulnerable_version": "3007.9", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/22309?format=api", "vulnerability_id": "VCID-6w6z-4hxz-87d5", "summary": "Salt junos Module Vulnerable to Code Injection via Specially Crafted YAML Payload\nSalt's junos execution module contained an unsafe YAML decode/load usage. A specially crafted YAML payload processed by the junos module could lead to unintended code execution under the context of the Salt process.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-62348", "reference_id": "", "reference_type": "", "scores": [ { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00501", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-62348" }, { "reference_url": "https://docs.saltproject.io/en/latest/topics/releases/3006.17.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-30T19:30:12Z/" } ], "url": "https://docs.saltproject.io/en/latest/topics/releases/3006.17.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/saltstack/salt", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saltstack/salt" }, { "reference_url": "https://github.com/saltstack/salt/issues/68469", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saltstack/salt/issues/68469" }, { "reference_url": "https://github.com/saltstack/salt/pull/68472/commits/c17fd645edef208233dcac855615fced69409a00", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saltstack/salt/pull/68472/commits/c17fd645edef208233dcac855615fced69409a00" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62348", "reference_id": "CVE-2025-62348", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62348" }, { "reference_url": "https://github.com/advisories/GHSA-77w2-v593-vxvv", "reference_id": "GHSA-77w2-v593-vxvv", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-77w2-v593-vxvv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/72537?format=api", "purl": "pkg:pypi/salt@3006.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3006.17" } ], "aliases": [ "CVE-2025-62348", "GHSA-77w2-v593-vxvv" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6w6z-4hxz-87d5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/224185?format=api", "vulnerability_id": "VCID-c9nu-n4mq-kfc1", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-34049", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18914", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-34049" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/saltstack/salt", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saltstack/salt" }, { "reference_url": "https://github.com/saltstack/salt/commit/286d55eb5a6e6bf9428405bdf5632b419bdf8444", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saltstack/salt/commit/286d55eb5a6e6bf9428405bdf5632b419bdf8444" }, { "reference_url": "https://github.com/saltstack/salt/commit/7a14112f2a16ce70e3c3e1862c92e37af5f2c7a4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saltstack/salt/commit/7a14112f2a16ce70e3c3e1862c92e37af5f2c7a4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34049", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34049" }, { "reference_url": "https://saltproject.io/security-announcements/2023-10-27-advisory", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://saltproject.io/security-announcements/2023-10-27-advisory" }, { "reference_url": "https://saltproject.io/security-announcements/2023-10-27-advisory/", "reference_id": "2023-10-27-advisory", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-14T15:12:53Z/" } ], "url": "https://saltproject.io/security-announcements/2023-10-27-advisory/" }, { "reference_url": "https://github.com/advisories/GHSA-4277-m35q-7c9w", "reference_id": "GHSA-4277-m35q-7c9w", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-4277-m35q-7c9w" }, { "reference_url": "https://security.gentoo.org/glsa/202412-09", "reference_id": "GLSA-202412-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-09" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/187823?format=api", "purl": "pkg:pypi/salt@3006.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6w6z-4hxz-87d5" }, { "vulnerability": "VCID-cs9c-cvk5-97de" }, { "vulnerability": "VCID-cvd2-d8e5-u3fn" }, { "vulnerability": "VCID-gusk-nfvp-ekcy" }, { "vulnerability": "VCID-j5yf-caft-aufh" }, { "vulnerability": "VCID-jbkh-1ht9-5kfu" }, { "vulnerability": "VCID-mg77-6n7j-d7f6" }, { "vulnerability": "VCID-mua7-d84p-1ub7" }, { "vulnerability": "VCID-nvpk-cpym-4yas" }, { "vulnerability": "VCID-qjb5-ptr2-3fbr" }, { "vulnerability": "VCID-s1ed-3bqw-9yhj" }, { "vulnerability": "VCID-yw5j-nzmf-h3e5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3006.4" } ], "aliases": [ "CVE-2023-34049", "GHSA-4277-m35q-7c9w" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c9nu-n4mq-kfc1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/286086?format=api", "vulnerability_id": "VCID-cs9c-cvk5-97de", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-22236", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34432", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-22236" }, { "reference_url": "https://docs.saltproject.io/en/3006/topics/releases/3006.12.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-13T13:59:59Z/" } ], "url": "https://docs.saltproject.io/en/3006/topics/releases/3006.12.html" }, { "reference_url": "https://docs.saltproject.io/en/3007/topics/releases/3007.4.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-13T13:59:59Z/" } ], "url": "https://docs.saltproject.io/en/3007/topics/releases/3007.4.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/saltstack/salt", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saltstack/salt" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22236", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22236" }, { "reference_url": "https://github.com/advisories/GHSA-jh7c-xh74-h76f", "reference_id": "GHSA-jh7c-xh74-h76f", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-jh7c-xh74-h76f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/72538?format=api", "purl": "pkg:pypi/salt@3006.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6w6z-4hxz-87d5" }, { "vulnerability": "VCID-bk7r-xp75-8qdf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3006.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/72539?format=api", "purl": "pkg:pypi/salt@3007.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bk7r-xp75-8qdf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3007.4" } ], "aliases": [ "CVE-2025-22236", "GHSA-jh7c-xh74-h76f" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cs9c-cvk5-97de" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/286092?format=api", "vulnerability_id": "VCID-cvd2-d8e5-u3fn", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-22242", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53874", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-22242" }, { "reference_url": "https://docs.saltproject.io/en/3006/topics/releases/3006.12.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-13T15:23:55Z/" } ], "url": "https://docs.saltproject.io/en/3006/topics/releases/3006.12.html" }, { "reference_url": "https://docs.saltproject.io/en/3007/topics/releases/3007.4.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-13T15:23:55Z/" } ], "url": "https://docs.saltproject.io/en/3007/topics/releases/3007.4.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/saltstack/salt", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saltstack/salt" }, { "reference_url": "https://github.com/saltstack/salt/commit/e39116fb87bf4db9bcb9aade8258c66df87d41fe", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saltstack/salt/commit/e39116fb87bf4db9bcb9aade8258c66df87d41fe" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22242", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22242" }, { "reference_url": "https://github.com/advisories/GHSA-989c-m532-p2hv", "reference_id": "GHSA-989c-m532-p2hv", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-989c-m532-p2hv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/72538?format=api", "purl": "pkg:pypi/salt@3006.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6w6z-4hxz-87d5" }, { "vulnerability": "VCID-bk7r-xp75-8qdf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3006.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/72539?format=api", "purl": "pkg:pypi/salt@3007.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bk7r-xp75-8qdf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3007.4" } ], "aliases": [ "CVE-2025-22242", "GHSA-989c-m532-p2hv" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cvd2-d8e5-u3fn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/286087?format=api", "vulnerability_id": "VCID-gusk-nfvp-ekcy", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-22237", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.28996", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-22237" }, { "reference_url": "https://docs.saltproject.io/en/3006/topics/releases/3006.12.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-14T03:56:05Z/" } ], "url": "https://docs.saltproject.io/en/3006/topics/releases/3006.12.html" }, { "reference_url": "https://docs.saltproject.io/en/3007/topics/releases/3007.4.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-14T03:56:05Z/" } ], "url": "https://docs.saltproject.io/en/3007/topics/releases/3007.4.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/saltstack/salt", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saltstack/salt" }, { "reference_url": "https://github.com/saltstack/salt/commit/9445f496fed61b15dc4364818007e5b765b0746f", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saltstack/salt/commit/9445f496fed61b15dc4364818007e5b765b0746f" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22237", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22237" }, { "reference_url": "https://github.com/advisories/GHSA-fcr4-h6c4-rvvp", "reference_id": "GHSA-fcr4-h6c4-rvvp", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-fcr4-h6c4-rvvp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/72538?format=api", "purl": "pkg:pypi/salt@3006.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6w6z-4hxz-87d5" }, { "vulnerability": "VCID-bk7r-xp75-8qdf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3006.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/72539?format=api", "purl": "pkg:pypi/salt@3007.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bk7r-xp75-8qdf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3007.4" } ], "aliases": [ "CVE-2025-22237", "GHSA-fcr4-h6c4-rvvp" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gusk-nfvp-ekcy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/286089?format=api", "vulnerability_id": "VCID-j5yf-caft-aufh", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-22239", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34432", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-22239" }, { "reference_url": "https://docs.saltproject.io/en/3006/topics/releases/3006.12.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-13T13:50:17Z/" } ], "url": "https://docs.saltproject.io/en/3006/topics/releases/3006.12.html" }, { "reference_url": "https://docs.saltproject.io/en/3007/topics/releases/3007.4.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-13T13:50:17Z/" } ], "url": "https://docs.saltproject.io/en/3007/topics/releases/3007.4.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/saltstack/salt", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saltstack/salt" }, { "reference_url": "https://github.com/saltstack/salt/commit/41d834bf800d86fc496e4fac2d3875fc2aca7c62", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saltstack/salt/commit/41d834bf800d86fc496e4fac2d3875fc2aca7c62" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22239", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22239" }, { "reference_url": "https://github.com/advisories/GHSA-c46w-gr7f-jm2p", "reference_id": "GHSA-c46w-gr7f-jm2p", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-c46w-gr7f-jm2p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/72538?format=api", "purl": "pkg:pypi/salt@3006.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6w6z-4hxz-87d5" }, { "vulnerability": "VCID-bk7r-xp75-8qdf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3006.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/72539?format=api", "purl": "pkg:pypi/salt@3007.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bk7r-xp75-8qdf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3007.4" } ], "aliases": [ "CVE-2025-22239", "GHSA-c46w-gr7f-jm2p" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j5yf-caft-aufh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/286091?format=api", "vulnerability_id": "VCID-jbkh-1ht9-5kfu", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-22241", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.3388", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-22241" }, { "reference_url": "https://docs.saltproject.io/en/3006/topics/releases/3006.12.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-13T15:24:21Z/" } ], "url": "https://docs.saltproject.io/en/3006/topics/releases/3006.12.html" }, { "reference_url": "https://docs.saltproject.io/en/3007/topics/releases/3007.4.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-13T15:24:21Z/" } ], "url": "https://docs.saltproject.io/en/3007/topics/releases/3007.4.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/saltstack/salt", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saltstack/salt" }, { "reference_url": "https://github.com/saltstack/salt/commit/9445f496fed61b15dc4364818007e5b765b0746f", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saltstack/salt/commit/9445f496fed61b15dc4364818007e5b765b0746f" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22241", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22241" }, { "reference_url": "https://github.com/advisories/GHSA-7f3f-x5f5-79gw", "reference_id": "GHSA-7f3f-x5f5-79gw", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-7f3f-x5f5-79gw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/72538?format=api", "purl": "pkg:pypi/salt@3006.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6w6z-4hxz-87d5" }, { "vulnerability": "VCID-bk7r-xp75-8qdf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3006.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/72539?format=api", "purl": "pkg:pypi/salt@3007.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bk7r-xp75-8qdf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3007.4" } ], "aliases": [ "CVE-2025-22241", "GHSA-7f3f-x5f5-79gw" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jbkh-1ht9-5kfu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/259089?format=api", "vulnerability_id": "VCID-mg77-6n7j-d7f6", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-38825", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31094", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-38825" }, { "reference_url": "https://docs.saltproject.io/en/3006/topics/releases/3006.12.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-13T14:00:49Z/" } ], "url": "https://docs.saltproject.io/en/3006/topics/releases/3006.12.html" }, { "reference_url": "https://docs.saltproject.io/en/3007/topics/releases/3007.4.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-13T14:00:49Z/" } ], "url": "https://docs.saltproject.io/en/3007/topics/releases/3007.4.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/saltstack/salt", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saltstack/salt" }, { "reference_url": "https://github.com/saltstack/salt/commit/5ff18fd0ececdfd083ddce693c3ccef30e44f155", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saltstack/salt/commit/5ff18fd0ececdfd083ddce693c3ccef30e44f155" }, { "reference_url": "https://github.com/saltstack/salt/commit/d7cb64e44db5f82fd615373f5dca2eb1fb29bbab", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saltstack/salt/commit/d7cb64e44db5f82fd615373f5dca2eb1fb29bbab" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38825", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38825" }, { "reference_url": "https://github.com/advisories/GHSA-4j59-vv55-q6h3", "reference_id": "GHSA-4j59-vv55-q6h3", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-4j59-vv55-q6h3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/72538?format=api", "purl": "pkg:pypi/salt@3006.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6w6z-4hxz-87d5" }, { "vulnerability": "VCID-bk7r-xp75-8qdf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3006.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/72539?format=api", "purl": "pkg:pypi/salt@3007.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bk7r-xp75-8qdf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3007.4" } ], "aliases": [ "CVE-2024-38825", "GHSA-4j59-vv55-q6h3" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mg77-6n7j-d7f6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/286090?format=api", "vulnerability_id": "VCID-mua7-d84p-1ub7", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-22240", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26326", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-22240" }, { "reference_url": "https://docs.saltproject.io/en/3006/topics/releases/3006.12.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-13T13:40:39Z/" } ], "url": "https://docs.saltproject.io/en/3006/topics/releases/3006.12.html" }, { "reference_url": "https://docs.saltproject.io/en/3007/topics/releases/3007.4.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-13T13:40:39Z/" } ], "url": "https://docs.saltproject.io/en/3007/topics/releases/3007.4.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/saltstack/salt", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saltstack/salt" }, { "reference_url": "https://github.com/saltstack/salt/commit/f7c28ffbf18dbf693a15b1ba9493918de3e88cf3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saltstack/salt/commit/f7c28ffbf18dbf693a15b1ba9493918de3e88cf3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22240", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22240" }, { "reference_url": "https://github.com/advisories/GHSA-xh32-3m67-qjgf", "reference_id": "GHSA-xh32-3m67-qjgf", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-xh32-3m67-qjgf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/72538?format=api", "purl": "pkg:pypi/salt@3006.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6w6z-4hxz-87d5" }, { "vulnerability": "VCID-bk7r-xp75-8qdf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3006.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/72539?format=api", "purl": "pkg:pypi/salt@3007.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bk7r-xp75-8qdf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3007.4" } ], "aliases": [ "CVE-2025-22240", "GHSA-xh32-3m67-qjgf" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mua7-d84p-1ub7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/247551?format=api", "vulnerability_id": "VCID-nvpk-cpym-4yas", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22231", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.69208", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22231" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/saltstack/salt", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saltstack/salt" }, { "reference_url": "https://github.com/saltstack/salt/commit/e0cdb80b55123f4a024759ffcf2b3f0e0788e7ab", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saltstack/salt/commit/e0cdb80b55123f4a024759ffcf2b3f0e0788e7ab" }, { "reference_url": "https://saltproject.io/security-announcements/2024-01-31-advisory", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://saltproject.io/security-announcements/2024-01-31-advisory" }, { "reference_url": "https://saltproject.io/security-announcements/2024-01-31-advisory/", "reference_id": "2024-01-31-advisory", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T14:45:17Z/" } ], "url": "https://saltproject.io/security-announcements/2024-01-31-advisory/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22231", "reference_id": "CVE-2024-22231", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22231" }, { "reference_url": "https://github.com/advisories/GHSA-q27c-j6j9-53w3", "reference_id": "GHSA-q27c-j6j9-53w3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q27c-j6j9-53w3" }, { "reference_url": "https://security.gentoo.org/glsa/202412-09", "reference_id": "GLSA-202412-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-09" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81857?format=api", "purl": "pkg:pypi/salt@3006.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6w6z-4hxz-87d5" }, { "vulnerability": "VCID-cs9c-cvk5-97de" }, { "vulnerability": "VCID-cvd2-d8e5-u3fn" }, { "vulnerability": "VCID-gusk-nfvp-ekcy" }, { "vulnerability": "VCID-j5yf-caft-aufh" }, { "vulnerability": "VCID-jbkh-1ht9-5kfu" }, { "vulnerability": "VCID-mg77-6n7j-d7f6" }, { "vulnerability": "VCID-mua7-d84p-1ub7" }, { "vulnerability": "VCID-s1ed-3bqw-9yhj" }, { "vulnerability": "VCID-yw5j-nzmf-h3e5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3006.6" } ], "aliases": [ "CVE-2024-22231", "GHSA-q27c-j6j9-53w3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nvpk-cpym-4yas" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/247552?format=api", "vulnerability_id": "VCID-qjb5-ptr2-3fbr", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22232", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00439", "scoring_system": "epss", "scoring_elements": "0.63436", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22232" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/saltstack/salt", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saltstack/salt" }, { "reference_url": "https://github.com/saltstack/salt/commit/e0cdb80b55123f4a024759ffcf2b3f0e0788e7ab", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saltstack/salt/commit/e0cdb80b55123f4a024759ffcf2b3f0e0788e7ab" }, { "reference_url": "https://saltproject.io/security-announcements/2024-01-31-advisory", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://saltproject.io/security-announcements/2024-01-31-advisory" }, { "reference_url": "https://saltproject.io/security-announcements/2024-01-31-advisory/", "reference_id": "2024-01-31-advisory", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-27T14:41:55Z/" } ], "url": "https://saltproject.io/security-announcements/2024-01-31-advisory/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22232", "reference_id": "CVE-2024-22232", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22232" }, { "reference_url": "https://github.com/advisories/GHSA-2qw3-2wv6-p64x", "reference_id": "GHSA-2qw3-2wv6-p64x", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2qw3-2wv6-p64x" }, { "reference_url": "https://security.gentoo.org/glsa/202412-09", "reference_id": "GLSA-202412-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-09" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81857?format=api", "purl": "pkg:pypi/salt@3006.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6w6z-4hxz-87d5" }, { "vulnerability": "VCID-cs9c-cvk5-97de" }, { "vulnerability": "VCID-cvd2-d8e5-u3fn" }, { "vulnerability": "VCID-gusk-nfvp-ekcy" }, { "vulnerability": "VCID-j5yf-caft-aufh" }, { "vulnerability": "VCID-jbkh-1ht9-5kfu" }, { "vulnerability": "VCID-mg77-6n7j-d7f6" }, { "vulnerability": "VCID-mua7-d84p-1ub7" }, { "vulnerability": "VCID-s1ed-3bqw-9yhj" }, { "vulnerability": "VCID-yw5j-nzmf-h3e5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3006.6" } ], "aliases": [ "CVE-2024-22232", "GHSA-2qw3-2wv6-p64x" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qjb5-ptr2-3fbr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/286088?format=api", "vulnerability_id": "VCID-s1ed-3bqw-9yhj", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-22238", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57255", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-22238" }, { "reference_url": "https://docs.saltproject.io/en/3006/topics/releases/3006.12.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-13T13:54:45Z/" } ], "url": "https://docs.saltproject.io/en/3006/topics/releases/3006.12.html" }, { "reference_url": "https://docs.saltproject.io/en/3007/topics/releases/3007.4.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-13T13:54:45Z/" } ], "url": "https://docs.saltproject.io/en/3007/topics/releases/3007.4.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/saltstack/salt", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saltstack/salt" }, { "reference_url": "https://github.com/saltstack/salt/commit/4b30218edf1a979855ea191d72b30c89f4a5a582", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saltstack/salt/commit/4b30218edf1a979855ea191d72b30c89f4a5a582" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22238", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22238" }, { "reference_url": "https://github.com/advisories/GHSA-r546-h3ff-q585", "reference_id": "GHSA-r546-h3ff-q585", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-r546-h3ff-q585" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/72538?format=api", "purl": "pkg:pypi/salt@3006.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6w6z-4hxz-87d5" }, { "vulnerability": "VCID-bk7r-xp75-8qdf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3006.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/72539?format=api", "purl": "pkg:pypi/salt@3007.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bk7r-xp75-8qdf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3007.4" } ], "aliases": [ "CVE-2025-22238", "GHSA-r546-h3ff-q585" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s1ed-3bqw-9yhj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/259088?format=api", "vulnerability_id": "VCID-yw5j-nzmf-h3e5", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-38824", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59627", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-38824" }, { "reference_url": "https://docs.saltproject.io/en/3006/topics/releases/3006.12.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-14T03:56:04Z/" } ], "url": "https://docs.saltproject.io/en/3006/topics/releases/3006.12.html" }, { "reference_url": "https://docs.saltproject.io/en/3007/topics/releases/3007.4.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-14T03:56:04Z/" } ], "url": "https://docs.saltproject.io/en/3007/topics/releases/3007.4.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/saltstack/salt", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saltstack/salt" }, { "reference_url": "https://github.com/saltstack/salt/commit/c4ad23f0f3132d8d8a88f19fa537dc42cf21b215", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saltstack/salt/commit/c4ad23f0f3132d8d8a88f19fa537dc42cf21b215" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38824", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38824" }, { "reference_url": "https://github.com/advisories/GHSA-8pcp-r83j-fc92", "reference_id": "GHSA-8pcp-r83j-fc92", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-8pcp-r83j-fc92" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/72538?format=api", "purl": "pkg:pypi/salt@3006.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6w6z-4hxz-87d5" }, { "vulnerability": "VCID-bk7r-xp75-8qdf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3006.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/72539?format=api", "purl": "pkg:pypi/salt@3007.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bk7r-xp75-8qdf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3007.4" } ], "aliases": [ "CVE-2024-38824", "GHSA-8pcp-r83j-fc92" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yw5j-nzmf-h3e5" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8877?format=api", "vulnerability_id": "VCID-6y9z-4cqf-dbhh", "summary": "Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. After receiving several bad packets on the request server equal to the number of worker threads, the master will become unresponsive to return requests until restarted.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-20897", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00154", "scoring_system": "epss", "scoring_elements": "0.35811", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-20897" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2023-166.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2023-166.yaml" }, { "reference_url": "https://github.com/saltstack/salt", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saltstack/salt" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OMWJIHQZXHK6FH2E3IWAZCYIRI7FLVOL", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OMWJIHQZXHK6FH2E3IWAZCYIRI7FLVOL" }, { "reference_url": "https://saltproject.io/security-announcements/2023-08-10-advisory", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://saltproject.io/security-announcements/2023-08-10-advisory" }, { "reference_url": "https://saltproject.io/security-announcements/2023-08-10-advisory/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-30T17:24:32Z/" } ], "url": "https://saltproject.io/security-announcements/2023-08-10-advisory/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20897", "reference_id": "CVE-2023-20897", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20897" }, { "reference_url": "https://github.com/advisories/GHSA-vpjg-wmf8-29h9", "reference_id": "GHSA-vpjg-wmf8-29h9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vpjg-wmf8-29h9" }, { "reference_url": "https://security.gentoo.org/glsa/202412-09", "reference_id": "GLSA-202412-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-09" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OMWJIHQZXHK6FH2E3IWAZCYIRI7FLVOL/", "reference_id": "OMWJIHQZXHK6FH2E3IWAZCYIRI7FLVOL", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-30T17:24:32Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OMWJIHQZXHK6FH2E3IWAZCYIRI7FLVOL/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34526?format=api", "purl": "pkg:pypi/salt@3005.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6w6z-4hxz-87d5" }, { "vulnerability": "VCID-c9nu-n4mq-kfc1" }, { "vulnerability": "VCID-nvpk-cpym-4yas" }, { "vulnerability": "VCID-qjb5-ptr2-3fbr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3005.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/34525?format=api", "purl": "pkg:pypi/salt@3006.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6w6z-4hxz-87d5" }, { "vulnerability": "VCID-c9nu-n4mq-kfc1" }, { "vulnerability": "VCID-cs9c-cvk5-97de" }, { "vulnerability": "VCID-cvd2-d8e5-u3fn" }, { "vulnerability": "VCID-gusk-nfvp-ekcy" }, { "vulnerability": "VCID-j5yf-caft-aufh" }, { "vulnerability": "VCID-jbkh-1ht9-5kfu" }, { "vulnerability": "VCID-mg77-6n7j-d7f6" }, { "vulnerability": "VCID-mua7-d84p-1ub7" }, { "vulnerability": "VCID-nvpk-cpym-4yas" }, { "vulnerability": "VCID-qjb5-ptr2-3fbr" }, { "vulnerability": "VCID-s1ed-3bqw-9yhj" }, { "vulnerability": "VCID-yw5j-nzmf-h3e5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3006.2" } ], "aliases": [ "CVE-2023-20897", "GHSA-vpjg-wmf8-29h9", "PYSEC-2023-166" ], "risk_score": 1.3, "exploitability": "0.5", "weighted_severity": "2.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6y9z-4cqf-dbhh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8878?format=api", "vulnerability_id": "VCID-r3m9-163d-myff", "summary": "Git Providers can read from the wrong environment because they get the same cache directory base name in Salt masters prior to 3005.2 or 3006.2. Anything that uses Git Providers with different environments can get garbage data or the wrong data, which can lead to wrongful data disclosure, wrongful executions, data corruption and/or crash.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-20898", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25586", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-20898" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2023-169.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2023-169.yaml" }, { "reference_url": "https://github.com/saltstack/salt", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/saltstack/salt" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OMWJIHQZXHK6FH2E3IWAZCYIRI7FLVOL", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OMWJIHQZXHK6FH2E3IWAZCYIRI7FLVOL" }, { "reference_url": "https://saltproject.io/security-announcements/2023-08-10-advisory", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://saltproject.io/security-announcements/2023-08-10-advisory" }, { "reference_url": "https://saltproject.io/security-announcements/2023-08-10-advisory/", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T15:44:22Z/" } ], "url": "https://saltproject.io/security-announcements/2023-08-10-advisory/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20898", "reference_id": "CVE-2023-20898", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20898" }, { "reference_url": "https://github.com/advisories/GHSA-qvh6-3j7x-3hq7", "reference_id": "GHSA-qvh6-3j7x-3hq7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qvh6-3j7x-3hq7" }, { "reference_url": "https://security.gentoo.org/glsa/202412-09", "reference_id": "GLSA-202412-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-09" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OMWJIHQZXHK6FH2E3IWAZCYIRI7FLVOL/", "reference_id": "OMWJIHQZXHK6FH2E3IWAZCYIRI7FLVOL", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T15:44:22Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OMWJIHQZXHK6FH2E3IWAZCYIRI7FLVOL/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34526?format=api", "purl": "pkg:pypi/salt@3005.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6w6z-4hxz-87d5" }, { "vulnerability": "VCID-c9nu-n4mq-kfc1" }, { "vulnerability": "VCID-nvpk-cpym-4yas" }, { "vulnerability": "VCID-qjb5-ptr2-3fbr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3005.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/34525?format=api", "purl": "pkg:pypi/salt@3006.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6w6z-4hxz-87d5" }, { "vulnerability": "VCID-c9nu-n4mq-kfc1" }, { "vulnerability": "VCID-cs9c-cvk5-97de" }, { "vulnerability": "VCID-cvd2-d8e5-u3fn" }, { "vulnerability": "VCID-gusk-nfvp-ekcy" }, { "vulnerability": "VCID-j5yf-caft-aufh" }, { "vulnerability": "VCID-jbkh-1ht9-5kfu" }, { "vulnerability": "VCID-mg77-6n7j-d7f6" }, { "vulnerability": "VCID-mua7-d84p-1ub7" }, { "vulnerability": "VCID-nvpk-cpym-4yas" }, { "vulnerability": "VCID-qjb5-ptr2-3fbr" }, { "vulnerability": "VCID-s1ed-3bqw-9yhj" }, { "vulnerability": "VCID-yw5j-nzmf-h3e5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3006.2" } ], "aliases": [ "CVE-2023-20898", "GHSA-qvh6-3j7x-3hq7", "PYSEC-2023-169" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r3m9-163d-myff" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3006.2" }