Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/77327?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/77327?format=api", "purl": "pkg:pypi/salt@2018.2.0", "type": "pypi", "namespace": "", "name": "salt", "version": "2018.2.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3005.2", "latest_non_vulnerable_version": "3007.9", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8050?format=api", "vulnerability_id": "VCID-49dv-x94w-suda", "summary": "An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3197", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09933", "scoring_system": "epss", "scoring_elements": "0.9315", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3197" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2021-57.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2021-57.yaml" }, { "reference_url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/CHANGELOG.md?plain=1#L2375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/CHANGELOG.md?plain=1#L2375" }, { "reference_url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3000.7.rst#L38", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3000.7.rst#L38" }, { "reference_url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3001.5.rst#L38", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3001.5.rst#L38" }, { "reference_url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.3.rst#L38", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.3.rst#L38" }, { "reference_url": "https://github.com/saltstack/salt/releases", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saltstack/salt/releases" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00000.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00000.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/" }, { "reference_url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25", "reference_id": "", "reference_type": "", "scores": [], "url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25" }, { "reference_url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/" }, { "reference_url": "https://security.gentoo.org/glsa/202103-01", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202103-01" }, { "reference_url": "https://security.gentoo.org/glsa/202310-22", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202310-22" }, { "reference_url": "https://www.debian.org/security/2021/dsa-5011", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2021/dsa-5011" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3197", "reference_id": "CVE-2021-3197", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3197" }, { "reference_url": "https://github.com/advisories/GHSA-8rp6-x3r7-5qw3", "reference_id": "GHSA-8rp6-x3r7-5qw3", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8rp6-x3r7-5qw3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13627?format=api", "purl": "pkg:pypi/salt@2019.2.0rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-daqt-gz5r-hbfs" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-hzv7-m2fc-4uej" }, { "vulnerability": "VCID-jn54-7udz-8ydy" }, { "vulnerability": "VCID-kpfs-vzc3-f3br" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.0rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/17461?format=api", "purl": "pkg:pypi/salt@2019.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/18974?format=api", "purl": "pkg:pypi/salt@2019.2.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/18975?format=api", "purl": "pkg:pypi/salt@3000.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/18981?format=api", "purl": "pkg:pypi/salt@3000.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/18976?format=api", "purl": "pkg:pypi/salt@3001.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/18985?format=api", "purl": "pkg:pypi/salt@3001.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/18972?format=api", "purl": "pkg:pypi/salt@3002.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-49dv-x94w-suda" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-bddr-7e3e-gfch" }, { "vulnerability": "VCID-dqnw-edrq-hka2" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-eq7b-wcab-rqfq" }, { "vulnerability": "VCID-fgrx-cjat-x7dc" }, { "vulnerability": "VCID-k7nb-cgu8-tye8" }, { "vulnerability": "VCID-kfjs-6e5q-j3aj" }, { "vulnerability": "VCID-n3sc-mzk3-n7cg" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-w6j4-qrr2-3qae" }, { "vulnerability": "VCID-wvyr-dwg5-cya3" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" }, { "vulnerability": "VCID-zc1e-1a3m-87c3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18977?format=api", "purl": "pkg:pypi/salt@3002.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.5" } ], "aliases": [ "CVE-2021-3197", "GHSA-8rp6-x3r7-5qw3", "PYSEC-2021-57" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-49dv-x94w-suda" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7995?format=api", "vulnerability_id": "VCID-9agn-habm-fkh7", "summary": "In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html" }, { "reference_url": "http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25592", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.44938", "scoring_system": "epss", "scoring_elements": "0.97645", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25592" }, { "reference_url": "https://docs.saltstack.com/en/latest/topics/releases/index.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.saltstack.com/en/latest/topics/releases/index.html" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2020-106.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2020-106.yaml" }, { "reference_url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/2019.2.7.rst#L12", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/2019.2.7.rst#L12" }, { "reference_url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3000.5.rst#L12", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3000.5.rst#L12" }, { "reference_url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3001.3.rst#L12", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3001.3.rst#L12" }, { "reference_url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.1.rst#L14", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.1.rst#L14" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/" }, { "reference_url": "https://security.gentoo.org/glsa/202011-13", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202011-13" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2021/dsa-4837" }, { "reference_url": "https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves" }, { "reference_url": "https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25592", "reference_id": "CVE-2020-25592", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25592" }, { "reference_url": "https://github.com/advisories/GHSA-29j3-2446-5j4w", "reference_id": "GHSA-29j3-2446-5j4w", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-29j3-2446-5j4w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13626?format=api", "purl": "pkg:pypi/salt@2018.3.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-49dv-x94w-suda" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-bddr-7e3e-gfch" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-daqt-gz5r-hbfs" }, { "vulnerability": "VCID-dqnw-edrq-hka2" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-eq7b-wcab-rqfq" }, { "vulnerability": "VCID-fgrx-cjat-x7dc" }, { "vulnerability": "VCID-hzv7-m2fc-4uej" }, { "vulnerability": "VCID-jn54-7udz-8ydy" }, { "vulnerability": "VCID-k7nb-cgu8-tye8" }, { "vulnerability": "VCID-kfjs-6e5q-j3aj" }, { "vulnerability": "VCID-kpfs-vzc3-f3br" }, { "vulnerability": "VCID-n3sc-mzk3-n7cg" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-w6j4-qrr2-3qae" }, { "vulnerability": "VCID-wvyr-dwg5-cya3" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" }, { "vulnerability": "VCID-zc1e-1a3m-87c3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2018.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/17461?format=api", "purl": "pkg:pypi/salt@2019.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/18962?format=api", "purl": "pkg:pypi/salt@2019.2.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-49dv-x94w-suda" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-bddr-7e3e-gfch" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dqnw-edrq-hka2" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-eq7b-wcab-rqfq" }, { "vulnerability": "VCID-fgrx-cjat-x7dc" }, { "vulnerability": "VCID-k7nb-cgu8-tye8" }, { "vulnerability": "VCID-kfjs-6e5q-j3aj" }, { "vulnerability": "VCID-n3sc-mzk3-n7cg" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-w6j4-qrr2-3qae" }, { "vulnerability": "VCID-wvyr-dwg5-cya3" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" }, { "vulnerability": "VCID-zc1e-1a3m-87c3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/17462?format=api", "purl": "pkg:pypi/salt@3000.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-49dv-x94w-suda" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-bddr-7e3e-gfch" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dqnw-edrq-hka2" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-eq7b-wcab-rqfq" }, { "vulnerability": "VCID-fgrx-cjat-x7dc" }, { "vulnerability": "VCID-k7nb-cgu8-tye8" }, { "vulnerability": "VCID-kfjs-6e5q-j3aj" }, { "vulnerability": "VCID-n3sc-mzk3-n7cg" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-w6j4-qrr2-3qae" }, { "vulnerability": "VCID-wvyr-dwg5-cya3" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" }, { "vulnerability": "VCID-zc1e-1a3m-87c3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18964?format=api", "purl": "pkg:pypi/salt@3000.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-49dv-x94w-suda" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-bddr-7e3e-gfch" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dqnw-edrq-hka2" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-eq7b-wcab-rqfq" }, { "vulnerability": "VCID-fgrx-cjat-x7dc" }, { "vulnerability": "VCID-k7nb-cgu8-tye8" }, { "vulnerability": "VCID-kfjs-6e5q-j3aj" }, { "vulnerability": "VCID-n3sc-mzk3-n7cg" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-w6j4-qrr2-3qae" }, { "vulnerability": "VCID-wvyr-dwg5-cya3" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" }, { "vulnerability": "VCID-zc1e-1a3m-87c3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/18968?format=api", "purl": "pkg:pypi/salt@3001.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-49dv-x94w-suda" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-bddr-7e3e-gfch" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dqnw-edrq-hka2" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-eq7b-wcab-rqfq" }, { "vulnerability": "VCID-fgrx-cjat-x7dc" }, { "vulnerability": "VCID-k7nb-cgu8-tye8" }, { "vulnerability": "VCID-kfjs-6e5q-j3aj" }, { "vulnerability": "VCID-n3sc-mzk3-n7cg" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-w6j4-qrr2-3qae" }, { "vulnerability": "VCID-wvyr-dwg5-cya3" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" }, { "vulnerability": "VCID-zc1e-1a3m-87c3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18970?format=api", "purl": "pkg:pypi/salt@3002.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-49dv-x94w-suda" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-bddr-7e3e-gfch" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dqnw-edrq-hka2" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-eq7b-wcab-rqfq" }, { "vulnerability": "VCID-fgrx-cjat-x7dc" }, { "vulnerability": "VCID-k7nb-cgu8-tye8" }, { "vulnerability": "VCID-kfjs-6e5q-j3aj" }, { "vulnerability": "VCID-n3sc-mzk3-n7cg" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-w6j4-qrr2-3qae" }, { "vulnerability": "VCID-wvyr-dwg5-cya3" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" }, { "vulnerability": "VCID-zc1e-1a3m-87c3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.1" } ], "aliases": [ "CVE-2020-25592", "GHSA-29j3-2446-5j4w", "PYSEC-2020-106" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9agn-habm-fkh7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8053?format=api", "vulnerability_id": "VCID-bddr-7e3e-gfch", "summary": "An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/162058/SaltStack-Salt-API-Unauthenticated-Remote-Command-Execution.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://packetstormsecurity.com/files/162058/SaltStack-Salt-API-Unauthenticated-Remote-Command-Execution.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-25281", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.93846", "scoring_system": "epss", "scoring_elements": "0.99873", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-25281" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2021-50.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2021-50.yaml" }, { "reference_url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3000.7.rst#L28", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3000.7.rst#L28" }, { "reference_url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3001.5.rst#L28", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3001.5.rst#L28" }, { "reference_url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.3.rst#L28", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.3.rst#L28" }, { "reference_url": "https://github.com/saltstack/salt/releases", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saltstack/salt/releases" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/" }, { "reference_url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25", "reference_id": "", "reference_type": "", "scores": [], "url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25" }, { "reference_url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/" }, { "reference_url": "https://security.gentoo.org/glsa/202103-01", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202103-01" }, { "reference_url": "https://security.gentoo.org/glsa/202310-22", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202310-22" }, { "reference_url": "https://www.debian.org/security/2021/dsa-5011", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2021/dsa-5011" }, { "reference_url": "https://www.saltstack.com/blog/active-saltstack-cve-announced-2021-jan-21", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.saltstack.com/blog/active-saltstack-cve-announced-2021-jan-21" }, { "reference_url": "https://www.saltstack.com/blog/active-saltstack-cve-announced-2021-jan-21/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.saltstack.com/blog/active-saltstack-cve-announced-2021-jan-21/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25281", "reference_id": "CVE-2021-25281", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25281" }, { "reference_url": "https://github.com/advisories/GHSA-xxw3-765m-f37p", "reference_id": "GHSA-xxw3-765m-f37p", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xxw3-765m-f37p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13627?format=api", "purl": "pkg:pypi/salt@2019.2.0rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-daqt-gz5r-hbfs" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-hzv7-m2fc-4uej" }, { "vulnerability": "VCID-jn54-7udz-8ydy" }, { "vulnerability": "VCID-kpfs-vzc3-f3br" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.0rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/17461?format=api", "purl": "pkg:pypi/salt@2019.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/18974?format=api", "purl": "pkg:pypi/salt@2019.2.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/18975?format=api", "purl": "pkg:pypi/salt@3000.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/18981?format=api", "purl": "pkg:pypi/salt@3000.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/18976?format=api", "purl": "pkg:pypi/salt@3001.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/18985?format=api", "purl": "pkg:pypi/salt@3001.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/18972?format=api", "purl": "pkg:pypi/salt@3002.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-49dv-x94w-suda" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-bddr-7e3e-gfch" }, { "vulnerability": "VCID-dqnw-edrq-hka2" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-eq7b-wcab-rqfq" }, { "vulnerability": "VCID-fgrx-cjat-x7dc" }, { "vulnerability": "VCID-k7nb-cgu8-tye8" }, { "vulnerability": "VCID-kfjs-6e5q-j3aj" }, { "vulnerability": "VCID-n3sc-mzk3-n7cg" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-w6j4-qrr2-3qae" }, { "vulnerability": "VCID-wvyr-dwg5-cya3" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" }, { "vulnerability": "VCID-zc1e-1a3m-87c3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18977?format=api", "purl": "pkg:pypi/salt@3002.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.5" } ], "aliases": [ "CVE-2021-25281", "GHSA-xxw3-765m-f37p", "PYSEC-2021-50" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bddr-7e3e-gfch" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8051?format=api", "vulnerability_id": "VCID-dqnw-edrq-hka2", "summary": "An issue was discovered in through SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-25283", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10038", "scoring_system": "epss", "scoring_elements": "0.93194", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-25283" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2021-52.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2021-52.yaml" }, { "reference_url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3001.5.rst#L34", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3001.5.rst#L34" }, { "reference_url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.5.rst#L12", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.5.rst#L12" }, { "reference_url": "https://github.com/saltstack/salt/releases", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saltstack/salt/releases" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/" }, { "reference_url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25", "reference_id": "", "reference_type": "", "scores": [], "url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25" }, { "reference_url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/" }, { "reference_url": "https://security.gentoo.org/glsa/202103-01", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202103-01" }, { "reference_url": "https://security.gentoo.org/glsa/202310-22", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202310-22" }, { "reference_url": "https://www.debian.org/security/2021/dsa-5011", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2021/dsa-5011" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25283", "reference_id": "CVE-2021-25283", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25283" }, { "reference_url": "https://github.com/advisories/GHSA-xgmh-gfxw-2hvv", "reference_id": "GHSA-xgmh-gfxw-2hvv", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xgmh-gfxw-2hvv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13627?format=api", "purl": "pkg:pypi/salt@2019.2.0rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-daqt-gz5r-hbfs" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-hzv7-m2fc-4uej" }, { "vulnerability": "VCID-jn54-7udz-8ydy" }, { "vulnerability": "VCID-kpfs-vzc3-f3br" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.0rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/17461?format=api", "purl": "pkg:pypi/salt@2019.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/18974?format=api", "purl": "pkg:pypi/salt@2019.2.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/18975?format=api", "purl": "pkg:pypi/salt@3000.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/18981?format=api", "purl": "pkg:pypi/salt@3000.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/18976?format=api", "purl": "pkg:pypi/salt@3001.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/18985?format=api", "purl": "pkg:pypi/salt@3001.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/18977?format=api", "purl": "pkg:pypi/salt@3002.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.5" } ], "aliases": [ "CVE-2021-25283", "GHSA-xgmh-gfxw-2hvv", "PYSEC-2021-52" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dqnw-edrq-hka2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8047?format=api", "vulnerability_id": "VCID-eq7b-wcab-rqfq", "summary": "An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3148", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07332", "scoring_system": "epss", "scoring_elements": "0.91814", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3148" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2021-55.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2021-55.yaml" }, { "reference_url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/CHANGELOG.md?plain=1#L2374", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/CHANGELOG.md?plain=1#L2374" }, { "reference_url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3000.7.rst#L23", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3000.7.rst#L23" }, { "reference_url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3001.5.rst#L23", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3001.5.rst#L23" }, { "reference_url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.3.rst#L23", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.3.rst#L23" }, { "reference_url": "https://github.com/saltstack/salt/releases", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saltstack/salt/releases" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/" }, { "reference_url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25", "reference_id": "", "reference_type": "", "scores": [], "url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25" }, { "reference_url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/" }, { "reference_url": "https://security.gentoo.org/glsa/202103-01", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202103-01" }, { "reference_url": "https://security.gentoo.org/glsa/202310-22", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202310-22" }, { "reference_url": "https://www.debian.org/security/2021/dsa-5011", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2021/dsa-5011" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3148", "reference_id": "CVE-2021-3148", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3148" }, { "reference_url": "https://github.com/advisories/GHSA-ghc2-hx3w-jqmp", "reference_id": "GHSA-ghc2-hx3w-jqmp", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-ghc2-hx3w-jqmp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13627?format=api", "purl": "pkg:pypi/salt@2019.2.0rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-daqt-gz5r-hbfs" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-hzv7-m2fc-4uej" }, { "vulnerability": "VCID-jn54-7udz-8ydy" }, { "vulnerability": "VCID-kpfs-vzc3-f3br" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.0rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/17461?format=api", "purl": "pkg:pypi/salt@2019.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/18974?format=api", "purl": "pkg:pypi/salt@2019.2.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/18975?format=api", "purl": "pkg:pypi/salt@3000.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/18981?format=api", "purl": "pkg:pypi/salt@3000.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/18976?format=api", "purl": "pkg:pypi/salt@3001.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/18985?format=api", "purl": "pkg:pypi/salt@3001.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/18972?format=api", "purl": "pkg:pypi/salt@3002.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-49dv-x94w-suda" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-bddr-7e3e-gfch" }, { "vulnerability": "VCID-dqnw-edrq-hka2" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-eq7b-wcab-rqfq" }, { "vulnerability": "VCID-fgrx-cjat-x7dc" }, { "vulnerability": "VCID-k7nb-cgu8-tye8" }, { "vulnerability": "VCID-kfjs-6e5q-j3aj" }, { "vulnerability": "VCID-n3sc-mzk3-n7cg" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-w6j4-qrr2-3qae" }, { "vulnerability": "VCID-wvyr-dwg5-cya3" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" }, { "vulnerability": "VCID-zc1e-1a3m-87c3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18977?format=api", "purl": "pkg:pypi/salt@3002.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.5" } ], "aliases": [ "CVE-2021-3148", "GHSA-ghc2-hx3w-jqmp", "PYSEC-2021-55" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eq7b-wcab-rqfq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8049?format=api", "vulnerability_id": "VCID-fgrx-cjat-x7dc", "summary": "In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28972", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00802", "scoring_system": "epss", "scoring_elements": "0.74394", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28972" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2021-74.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2021-74.yaml" }, { "reference_url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/CHANGELOG.md?plain=1#L2358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/CHANGELOG.md?plain=1#L2358" }, { "reference_url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3000.7.rst#L14", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3000.7.rst#L14" }, { "reference_url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3001.5.rst#L14", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3001.5.rst#L14" }, { "reference_url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.3.rst#L14", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.3.rst#L14" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/" }, { "reference_url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25", "reference_id": "", "reference_type": "", "scores": [], "url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25" }, { "reference_url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/" }, { "reference_url": "https://security.gentoo.org/glsa/202103-01", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202103-01" }, { "reference_url": "https://security.gentoo.org/glsa/202310-22", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202310-22" }, { "reference_url": "https://www.debian.org/security/2021/dsa-5011", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2021/dsa-5011" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28972", "reference_id": "CVE-2020-28972", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28972" }, { "reference_url": "https://github.com/advisories/GHSA-w589-r335-4f55", "reference_id": "GHSA-w589-r335-4f55", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w589-r335-4f55" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13627?format=api", "purl": "pkg:pypi/salt@2019.2.0rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-daqt-gz5r-hbfs" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-hzv7-m2fc-4uej" }, { "vulnerability": "VCID-jn54-7udz-8ydy" }, { "vulnerability": "VCID-kpfs-vzc3-f3br" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.0rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/17461?format=api", "purl": "pkg:pypi/salt@2019.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/18974?format=api", "purl": "pkg:pypi/salt@2019.2.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/18975?format=api", "purl": "pkg:pypi/salt@3000.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/18981?format=api", "purl": "pkg:pypi/salt@3000.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/18976?format=api", "purl": "pkg:pypi/salt@3001.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/18985?format=api", "purl": "pkg:pypi/salt@3001.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/18972?format=api", "purl": "pkg:pypi/salt@3002.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-49dv-x94w-suda" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-bddr-7e3e-gfch" }, { "vulnerability": "VCID-dqnw-edrq-hka2" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-eq7b-wcab-rqfq" }, { "vulnerability": "VCID-fgrx-cjat-x7dc" }, { "vulnerability": "VCID-k7nb-cgu8-tye8" }, { "vulnerability": "VCID-kfjs-6e5q-j3aj" }, { "vulnerability": "VCID-n3sc-mzk3-n7cg" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-w6j4-qrr2-3qae" }, { "vulnerability": "VCID-wvyr-dwg5-cya3" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" }, { "vulnerability": "VCID-zc1e-1a3m-87c3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18977?format=api", "purl": "pkg:pypi/salt@3002.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.5" } ], "aliases": [ "CVE-2020-28972", "GHSA-w589-r335-4f55", "PYSEC-2021-74" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fgrx-cjat-x7dc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8046?format=api", "vulnerability_id": "VCID-k7nb-cgu8-tye8", "summary": "An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create a files on the minion in a non-blacklisted directory.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28243", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01408", "scoring_system": "epss", "scoring_elements": "0.808", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28243" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2021-73.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2021-73.yaml" }, { "reference_url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3000.7.rst#L12", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3000.7.rst#L12" }, { "reference_url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3001.5.rst#L12", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3001.5.rst#L12" }, { "reference_url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.3.rst#L12", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.3.rst#L12" }, { "reference_url": "https://github.com/stealthcopter/CVE-2020-28243", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/stealthcopter/CVE-2020-28243" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00000.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00000.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/" }, { "reference_url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25", "reference_id": "", "reference_type": "", "scores": [], "url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25" }, { "reference_url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/" }, { "reference_url": "https://sec.stealthcopter.com/cve-2020-28243/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sec.stealthcopter.com/cve-2020-28243/" }, { "reference_url": "https://security.gentoo.org/glsa/202103-01", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202103-01" }, { "reference_url": "https://security.gentoo.org/glsa/202310-22", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202310-22" }, { "reference_url": "https://www.debian.org/security/2021/dsa-5011", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2021/dsa-5011" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28243", "reference_id": "CVE-2020-28243", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28243" }, { "reference_url": "https://sec.stealthcopter.com/cve-2020-28243", "reference_id": "CVE-2020-28243", "reference_type": "", "scores": [], "url": "https://sec.stealthcopter.com/cve-2020-28243" }, { "reference_url": "https://github.com/advisories/GHSA-phhw-3wc9-8q75", "reference_id": "GHSA-phhw-3wc9-8q75", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-phhw-3wc9-8q75" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13627?format=api", "purl": "pkg:pypi/salt@2019.2.0rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-daqt-gz5r-hbfs" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-hzv7-m2fc-4uej" }, { "vulnerability": "VCID-jn54-7udz-8ydy" }, { "vulnerability": "VCID-kpfs-vzc3-f3br" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.0rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/17461?format=api", "purl": "pkg:pypi/salt@2019.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/18974?format=api", "purl": "pkg:pypi/salt@2019.2.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/18975?format=api", "purl": "pkg:pypi/salt@3000.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/18981?format=api", "purl": "pkg:pypi/salt@3000.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/18976?format=api", "purl": "pkg:pypi/salt@3001.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/18985?format=api", "purl": "pkg:pypi/salt@3001.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/18972?format=api", "purl": "pkg:pypi/salt@3002.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-49dv-x94w-suda" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-bddr-7e3e-gfch" }, { "vulnerability": "VCID-dqnw-edrq-hka2" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-eq7b-wcab-rqfq" }, { "vulnerability": "VCID-fgrx-cjat-x7dc" }, { "vulnerability": "VCID-k7nb-cgu8-tye8" }, { "vulnerability": "VCID-kfjs-6e5q-j3aj" }, { "vulnerability": "VCID-n3sc-mzk3-n7cg" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-w6j4-qrr2-3qae" }, { "vulnerability": "VCID-wvyr-dwg5-cya3" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" }, { "vulnerability": "VCID-zc1e-1a3m-87c3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18977?format=api", "purl": "pkg:pypi/salt@3002.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.5" } ], "aliases": [ "CVE-2020-28243", "GHSA-phhw-3wc9-8q75", "PYSEC-2021-73" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k7nb-cgu8-tye8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8048?format=api", "vulnerability_id": "VCID-kfjs-6e5q-j3aj", "summary": "In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3144", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05481", "scoring_system": "epss", "scoring_elements": "0.9035", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3144" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2021-54.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2021-54.yaml" }, { "reference_url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/CHANGELOG.md?plain=1#L2373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/CHANGELOG.md?plain=1#L2373" }, { "reference_url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3000.7.rst#L26", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3000.7.rst#L26" }, { "reference_url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3001.5.rst#L26", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3001.5.rst#L26" }, { "reference_url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.3.rst#L26", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.3.rst#L26" }, { "reference_url": "https://github.com/saltstack/salt/releases", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saltstack/salt/releases" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/" }, { "reference_url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25", "reference_id": "", "reference_type": "", "scores": [], "url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25" }, { "reference_url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/" }, { "reference_url": "https://security.gentoo.org/glsa/202103-01", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202103-01" }, { "reference_url": "https://security.gentoo.org/glsa/202310-22", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202310-22" }, { "reference_url": "https://www.debian.org/security/2021/dsa-5011", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2021/dsa-5011" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3144", "reference_id": "CVE-2021-3144", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3144" }, { "reference_url": "https://github.com/advisories/GHSA-w2hr-3mc8-46gh", "reference_id": "GHSA-w2hr-3mc8-46gh", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w2hr-3mc8-46gh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13627?format=api", "purl": "pkg:pypi/salt@2019.2.0rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-daqt-gz5r-hbfs" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-hzv7-m2fc-4uej" }, { "vulnerability": "VCID-jn54-7udz-8ydy" }, { "vulnerability": "VCID-kpfs-vzc3-f3br" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.0rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/17461?format=api", "purl": "pkg:pypi/salt@2019.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/18974?format=api", "purl": "pkg:pypi/salt@2019.2.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/18975?format=api", "purl": "pkg:pypi/salt@3000.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/18981?format=api", "purl": "pkg:pypi/salt@3000.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/18976?format=api", "purl": "pkg:pypi/salt@3001.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/18985?format=api", "purl": "pkg:pypi/salt@3001.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/18972?format=api", "purl": "pkg:pypi/salt@3002.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-49dv-x94w-suda" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-bddr-7e3e-gfch" }, { "vulnerability": "VCID-dqnw-edrq-hka2" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-eq7b-wcab-rqfq" }, { "vulnerability": "VCID-fgrx-cjat-x7dc" }, { "vulnerability": "VCID-k7nb-cgu8-tye8" }, { "vulnerability": "VCID-kfjs-6e5q-j3aj" }, { "vulnerability": "VCID-n3sc-mzk3-n7cg" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-w6j4-qrr2-3qae" }, { "vulnerability": "VCID-wvyr-dwg5-cya3" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" }, { "vulnerability": "VCID-zc1e-1a3m-87c3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18977?format=api", "purl": "pkg:pypi/salt@3002.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.5" } ], "aliases": [ "CVE-2021-3144", "GHSA-w2hr-3mc8-46gh", "PYSEC-2021-54" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kfjs-6e5q-j3aj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8055?format=api", "vulnerability_id": "VCID-n3sc-mzk3-n7cg", "summary": "An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/162058/SaltStack-Salt-API-Unauthenticated-Remote-Command-Execution.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://packetstormsecurity.com/files/162058/SaltStack-Salt-API-Unauthenticated-Remote-Command-Execution.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-25282", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.91286", "scoring_system": "epss", "scoring_elements": "0.9967", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-25282" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2021-51.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2021-51.yaml" }, { "reference_url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3000.7.rst#L31", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3000.7.rst#L31" }, { "reference_url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3001.5.rst#L31", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3001.5.rst#L31" }, { "reference_url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.3.rst#L31", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.3.rst#L31" }, { "reference_url": "https://github.com/saltstack/salt/releases", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saltstack/salt/releases" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00000.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00000.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/" }, { "reference_url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25", "reference_id": "", "reference_type": "", "scores": [], "url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25" }, { "reference_url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/" }, { "reference_url": "https://security.gentoo.org/glsa/202103-01", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202103-01" }, { "reference_url": "https://security.gentoo.org/glsa/202310-22", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202310-22" }, { "reference_url": "https://www.debian.org/security/2021/dsa-5011", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2021/dsa-5011" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25282", "reference_id": "CVE-2021-25282", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25282" }, { "reference_url": "https://github.com/advisories/GHSA-76x4-x3p6-rpr9", "reference_id": "GHSA-76x4-x3p6-rpr9", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-76x4-x3p6-rpr9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13627?format=api", "purl": "pkg:pypi/salt@2019.2.0rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-daqt-gz5r-hbfs" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-hzv7-m2fc-4uej" }, { "vulnerability": "VCID-jn54-7udz-8ydy" }, { "vulnerability": "VCID-kpfs-vzc3-f3br" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.0rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/17461?format=api", "purl": "pkg:pypi/salt@2019.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/18974?format=api", "purl": "pkg:pypi/salt@2019.2.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/18975?format=api", "purl": "pkg:pypi/salt@3000.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/18981?format=api", "purl": "pkg:pypi/salt@3000.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/18976?format=api", "purl": "pkg:pypi/salt@3001.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/18985?format=api", "purl": "pkg:pypi/salt@3001.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/18972?format=api", "purl": "pkg:pypi/salt@3002.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-49dv-x94w-suda" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-bddr-7e3e-gfch" }, { "vulnerability": "VCID-dqnw-edrq-hka2" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-eq7b-wcab-rqfq" }, { "vulnerability": "VCID-fgrx-cjat-x7dc" }, { "vulnerability": "VCID-k7nb-cgu8-tye8" }, { "vulnerability": "VCID-kfjs-6e5q-j3aj" }, { "vulnerability": "VCID-n3sc-mzk3-n7cg" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-w6j4-qrr2-3qae" }, { "vulnerability": "VCID-wvyr-dwg5-cya3" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" }, { "vulnerability": "VCID-zc1e-1a3m-87c3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18977?format=api", "purl": "pkg:pypi/salt@3002.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.5" } ], "aliases": [ "CVE-2021-25282", "GHSA-76x4-x3p6-rpr9", "PYSEC-2021-51" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n3sc-mzk3-n7cg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7994?format=api", "vulnerability_id": "VCID-qupk-axwe-k7dq", "summary": "An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html" }, { "reference_url": "http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-16846", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.94387", "scoring_system": "epss", "scoring_elements": "0.99972", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-16846" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2020-104.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2020-104.yaml" }, { "reference_url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/2019.2.6.rst#L10", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/2019.2.6.rst#L10" }, { "reference_url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3000.4.rst#L10", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3000.4.rst#L10" }, { "reference_url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3001.2.rst#L10", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3001.2.rst#L10" }, { "reference_url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.1.rst#L12", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.1.rst#L12" }, { "reference_url": "https://github.com/saltstack/salt/releases", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saltstack/salt/releases" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00000.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00000.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/" }, { "reference_url": "https://security.gentoo.org/glsa/202011-13", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202011-13" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-16846", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-16846" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2021/dsa-4837" }, { "reference_url": "https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves" }, { "reference_url": "https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1379", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1379" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1379/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1379/" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1380" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1380/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1380/" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1381", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1381" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1381/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1381/" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1382", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1382" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1382/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1382/" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1383" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1383/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1383/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16846", "reference_id": "CVE-2020-16846", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16846" }, { "reference_url": "https://github.com/advisories/GHSA-qr38-h96j-2j3w", "reference_id": "GHSA-qr38-h96j-2j3w", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qr38-h96j-2j3w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13626?format=api", "purl": "pkg:pypi/salt@2018.3.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-49dv-x94w-suda" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-bddr-7e3e-gfch" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-daqt-gz5r-hbfs" }, { "vulnerability": "VCID-dqnw-edrq-hka2" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-eq7b-wcab-rqfq" }, { "vulnerability": "VCID-fgrx-cjat-x7dc" }, { "vulnerability": "VCID-hzv7-m2fc-4uej" }, { "vulnerability": "VCID-jn54-7udz-8ydy" }, { "vulnerability": "VCID-k7nb-cgu8-tye8" }, { "vulnerability": "VCID-kfjs-6e5q-j3aj" }, { "vulnerability": "VCID-kpfs-vzc3-f3br" }, { "vulnerability": "VCID-n3sc-mzk3-n7cg" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-w6j4-qrr2-3qae" }, { "vulnerability": "VCID-wvyr-dwg5-cya3" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" }, { "vulnerability": "VCID-zc1e-1a3m-87c3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2018.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/17461?format=api", "purl": "pkg:pypi/salt@2019.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/18961?format=api", "purl": "pkg:pypi/salt@2019.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-49dv-x94w-suda" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-bddr-7e3e-gfch" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dqnw-edrq-hka2" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-eq7b-wcab-rqfq" }, { "vulnerability": "VCID-fgrx-cjat-x7dc" }, { "vulnerability": "VCID-k7nb-cgu8-tye8" }, { "vulnerability": "VCID-kfjs-6e5q-j3aj" }, { "vulnerability": "VCID-n3sc-mzk3-n7cg" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-w6j4-qrr2-3qae" }, { "vulnerability": "VCID-wvyr-dwg5-cya3" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" }, { "vulnerability": "VCID-zc1e-1a3m-87c3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/17462?format=api", "purl": "pkg:pypi/salt@3000.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-49dv-x94w-suda" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-bddr-7e3e-gfch" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dqnw-edrq-hka2" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-eq7b-wcab-rqfq" }, { "vulnerability": "VCID-fgrx-cjat-x7dc" }, { "vulnerability": "VCID-k7nb-cgu8-tye8" }, { "vulnerability": "VCID-kfjs-6e5q-j3aj" }, { "vulnerability": "VCID-n3sc-mzk3-n7cg" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-w6j4-qrr2-3qae" }, { "vulnerability": "VCID-wvyr-dwg5-cya3" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" }, { "vulnerability": "VCID-zc1e-1a3m-87c3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18963?format=api", "purl": "pkg:pypi/salt@3000.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-49dv-x94w-suda" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-bddr-7e3e-gfch" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dqnw-edrq-hka2" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-eq7b-wcab-rqfq" }, { "vulnerability": "VCID-fgrx-cjat-x7dc" }, { "vulnerability": "VCID-k7nb-cgu8-tye8" }, { "vulnerability": "VCID-kfjs-6e5q-j3aj" }, { "vulnerability": "VCID-n3sc-mzk3-n7cg" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-w6j4-qrr2-3qae" }, { "vulnerability": "VCID-wvyr-dwg5-cya3" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" }, { "vulnerability": "VCID-zc1e-1a3m-87c3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/18967?format=api", "purl": "pkg:pypi/salt@3001.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-49dv-x94w-suda" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-bddr-7e3e-gfch" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dqnw-edrq-hka2" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-eq7b-wcab-rqfq" }, { "vulnerability": "VCID-fgrx-cjat-x7dc" }, { "vulnerability": "VCID-k7nb-cgu8-tye8" }, { "vulnerability": "VCID-kfjs-6e5q-j3aj" }, { "vulnerability": "VCID-n3sc-mzk3-n7cg" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-w6j4-qrr2-3qae" }, { "vulnerability": "VCID-wvyr-dwg5-cya3" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" }, { "vulnerability": "VCID-zc1e-1a3m-87c3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/18970?format=api", "purl": "pkg:pypi/salt@3002.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-49dv-x94w-suda" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-bddr-7e3e-gfch" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dqnw-edrq-hka2" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-eq7b-wcab-rqfq" }, { "vulnerability": "VCID-fgrx-cjat-x7dc" }, { "vulnerability": "VCID-k7nb-cgu8-tye8" }, { "vulnerability": "VCID-kfjs-6e5q-j3aj" }, { "vulnerability": "VCID-n3sc-mzk3-n7cg" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-w6j4-qrr2-3qae" }, { "vulnerability": "VCID-wvyr-dwg5-cya3" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" }, { "vulnerability": "VCID-zc1e-1a3m-87c3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.1" } ], "aliases": [ "CVE-2020-16846", "GHSA-qr38-h96j-2j3w", "PYSEC-2020-104" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qupk-axwe-k7dq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8054?format=api", "vulnerability_id": "VCID-w6j4-qrr2-3qae", "summary": "In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35662", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0075", "scoring_system": "epss", "scoring_elements": "0.73448", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35662" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2021-75.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2021-75.yaml" }, { "reference_url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3000.7.rst#L18", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3000.7.rst#L18" }, { "reference_url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3001.5.rst#L18", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3001.5.rst#L18" }, { "reference_url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.3.rst#L18", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.3.rst#L18" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/" }, { "reference_url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25", "reference_id": "", "reference_type": "", "scores": [], "url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25" }, { "reference_url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/" }, { "reference_url": "https://security.gentoo.org/glsa/202103-01", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202103-01" }, { "reference_url": "https://security.gentoo.org/glsa/202310-22", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202310-22" }, { "reference_url": "https://www.debian.org/security/2021/dsa-5011", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2021/dsa-5011" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35662", "reference_id": "CVE-2020-35662", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35662" }, { "reference_url": "https://github.com/advisories/GHSA-qx72-q6w3-qgc7", "reference_id": "GHSA-qx72-q6w3-qgc7", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qx72-q6w3-qgc7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13627?format=api", "purl": "pkg:pypi/salt@2019.2.0rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-daqt-gz5r-hbfs" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-hzv7-m2fc-4uej" }, { "vulnerability": "VCID-jn54-7udz-8ydy" }, { "vulnerability": "VCID-kpfs-vzc3-f3br" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.0rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/17461?format=api", "purl": "pkg:pypi/salt@2019.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/18974?format=api", "purl": "pkg:pypi/salt@2019.2.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/18975?format=api", "purl": "pkg:pypi/salt@3000.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/18981?format=api", "purl": "pkg:pypi/salt@3000.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/18976?format=api", "purl": "pkg:pypi/salt@3001.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/18985?format=api", "purl": "pkg:pypi/salt@3001.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/18972?format=api", "purl": "pkg:pypi/salt@3002.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-49dv-x94w-suda" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-bddr-7e3e-gfch" }, { "vulnerability": "VCID-dqnw-edrq-hka2" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-eq7b-wcab-rqfq" }, { "vulnerability": "VCID-fgrx-cjat-x7dc" }, { "vulnerability": "VCID-k7nb-cgu8-tye8" }, { "vulnerability": "VCID-kfjs-6e5q-j3aj" }, { "vulnerability": "VCID-n3sc-mzk3-n7cg" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-w6j4-qrr2-3qae" }, { "vulnerability": "VCID-wvyr-dwg5-cya3" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" }, { "vulnerability": "VCID-zc1e-1a3m-87c3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18977?format=api", "purl": "pkg:pypi/salt@3002.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.5" } ], "aliases": [ "CVE-2020-35662", "GHSA-qx72-q6w3-qgc7", "PYSEC-2021-75" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w6j4-qrr2-3qae" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8052?format=api", "vulnerability_id": "VCID-wvyr-dwg5-cya3", "summary": "An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-25284", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05976", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-25284" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2021-53.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2021-53.yaml" }, { "reference_url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3000.7.rst#L37", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3000.7.rst#L37" }, { "reference_url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3001.5.rst#L37", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3001.5.rst#L37" }, { "reference_url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.3.rst#L37", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.3.rst#L37" }, { "reference_url": "https://github.com/saltstack/salt/releases", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saltstack/salt/releases" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00000.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00000.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/" }, { "reference_url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25", "reference_id": "", "reference_type": "", "scores": [], "url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25" }, { "reference_url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/" }, { "reference_url": "https://security.gentoo.org/glsa/202103-01", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202103-01" }, { "reference_url": "https://security.gentoo.org/glsa/202310-22", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202310-22" }, { "reference_url": "https://www.debian.org/security/2021/dsa-5011", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2021/dsa-5011" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25284", "reference_id": "CVE-2021-25284", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25284" }, { "reference_url": "https://github.com/advisories/GHSA-r55w-xph5-xvx2", "reference_id": "GHSA-r55w-xph5-xvx2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r55w-xph5-xvx2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13627?format=api", "purl": "pkg:pypi/salt@2019.2.0rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-daqt-gz5r-hbfs" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-hzv7-m2fc-4uej" }, { "vulnerability": "VCID-jn54-7udz-8ydy" }, { "vulnerability": "VCID-kpfs-vzc3-f3br" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.0rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/17461?format=api", "purl": "pkg:pypi/salt@2019.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/18974?format=api", "purl": "pkg:pypi/salt@2019.2.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/18975?format=api", "purl": "pkg:pypi/salt@3000.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/18981?format=api", "purl": "pkg:pypi/salt@3000.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/18976?format=api", "purl": "pkg:pypi/salt@3001.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/18985?format=api", "purl": "pkg:pypi/salt@3001.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/18972?format=api", "purl": "pkg:pypi/salt@3002.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-49dv-x94w-suda" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-bddr-7e3e-gfch" }, { "vulnerability": "VCID-dqnw-edrq-hka2" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-eq7b-wcab-rqfq" }, { "vulnerability": "VCID-fgrx-cjat-x7dc" }, { "vulnerability": "VCID-k7nb-cgu8-tye8" }, { "vulnerability": "VCID-kfjs-6e5q-j3aj" }, { "vulnerability": "VCID-n3sc-mzk3-n7cg" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-w6j4-qrr2-3qae" }, { "vulnerability": "VCID-wvyr-dwg5-cya3" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" }, { "vulnerability": "VCID-zc1e-1a3m-87c3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18977?format=api", "purl": "pkg:pypi/salt@3002.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.5" } ], "aliases": [ "CVE-2021-25284", "GHSA-r55w-xph5-xvx2", "PYSEC-2021-53" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wvyr-dwg5-cya3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7993?format=api", "vulnerability_id": "VCID-zhu7-et2m-nycg", "summary": "The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-17490", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14519", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-17490" }, { "reference_url": "https://docs.saltstack.com/en/latest/topics/releases/index.html#latest-branch-release", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.saltstack.com/en/latest/topics/releases/index.html#latest-branch-release" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2020-105.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2020-105.yaml" }, { "reference_url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/2019.2.6.rst#L10", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/2019.2.6.rst#L10" }, { "reference_url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3000.4.rst#L10", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3000.4.rst#L10" }, { "reference_url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3001.2.rst#L10", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3001.2.rst#L10" }, { "reference_url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.1.rst#L13", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.1.rst#L13" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/" }, { "reference_url": "https://security.gentoo.org/glsa/202011-13", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202011-13" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2021/dsa-4837" }, { "reference_url": "https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves" }, { "reference_url": "https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-17490", "reference_id": "CVE-2020-17490", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-17490" }, { "reference_url": "https://github.com/advisories/GHSA-3c56-vx6v-q5vh", "reference_id": "GHSA-3c56-vx6v-q5vh", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3c56-vx6v-q5vh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13626?format=api", "purl": "pkg:pypi/salt@2018.3.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-49dv-x94w-suda" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-bddr-7e3e-gfch" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-daqt-gz5r-hbfs" }, { "vulnerability": "VCID-dqnw-edrq-hka2" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-eq7b-wcab-rqfq" }, { "vulnerability": "VCID-fgrx-cjat-x7dc" }, { "vulnerability": "VCID-hzv7-m2fc-4uej" }, { "vulnerability": "VCID-jn54-7udz-8ydy" }, { "vulnerability": "VCID-k7nb-cgu8-tye8" }, { "vulnerability": "VCID-kfjs-6e5q-j3aj" }, { "vulnerability": "VCID-kpfs-vzc3-f3br" }, { "vulnerability": "VCID-n3sc-mzk3-n7cg" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-w6j4-qrr2-3qae" }, { "vulnerability": "VCID-wvyr-dwg5-cya3" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" }, { "vulnerability": "VCID-zc1e-1a3m-87c3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2018.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/17461?format=api", "purl": "pkg:pypi/salt@2019.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/18961?format=api", "purl": "pkg:pypi/salt@2019.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-49dv-x94w-suda" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-bddr-7e3e-gfch" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dqnw-edrq-hka2" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-eq7b-wcab-rqfq" }, { "vulnerability": "VCID-fgrx-cjat-x7dc" }, { "vulnerability": "VCID-k7nb-cgu8-tye8" }, { "vulnerability": "VCID-kfjs-6e5q-j3aj" }, { "vulnerability": "VCID-n3sc-mzk3-n7cg" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-w6j4-qrr2-3qae" }, { "vulnerability": "VCID-wvyr-dwg5-cya3" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" }, { "vulnerability": "VCID-zc1e-1a3m-87c3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2019.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/17462?format=api", "purl": "pkg:pypi/salt@3000.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-49dv-x94w-suda" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-bddr-7e3e-gfch" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dqnw-edrq-hka2" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-eq7b-wcab-rqfq" }, { "vulnerability": "VCID-fgrx-cjat-x7dc" }, { "vulnerability": "VCID-k7nb-cgu8-tye8" }, { "vulnerability": "VCID-kfjs-6e5q-j3aj" }, { "vulnerability": "VCID-n3sc-mzk3-n7cg" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-w6j4-qrr2-3qae" }, { "vulnerability": "VCID-wvyr-dwg5-cya3" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" }, { "vulnerability": "VCID-zc1e-1a3m-87c3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/18963?format=api", "purl": "pkg:pypi/salt@3000.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-49dv-x94w-suda" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-bddr-7e3e-gfch" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dqnw-edrq-hka2" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-eq7b-wcab-rqfq" }, { "vulnerability": "VCID-fgrx-cjat-x7dc" }, { "vulnerability": "VCID-k7nb-cgu8-tye8" }, { "vulnerability": "VCID-kfjs-6e5q-j3aj" }, { "vulnerability": "VCID-n3sc-mzk3-n7cg" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-w6j4-qrr2-3qae" }, { "vulnerability": "VCID-wvyr-dwg5-cya3" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" }, { "vulnerability": "VCID-zc1e-1a3m-87c3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3000.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/18967?format=api", "purl": "pkg:pypi/salt@3001.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-49dv-x94w-suda" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-bddr-7e3e-gfch" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dqnw-edrq-hka2" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-eq7b-wcab-rqfq" }, { "vulnerability": "VCID-fgrx-cjat-x7dc" }, { "vulnerability": "VCID-k7nb-cgu8-tye8" }, { "vulnerability": "VCID-kfjs-6e5q-j3aj" }, { "vulnerability": "VCID-n3sc-mzk3-n7cg" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-w6j4-qrr2-3qae" }, { "vulnerability": "VCID-wvyr-dwg5-cya3" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" }, { "vulnerability": "VCID-zc1e-1a3m-87c3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3001.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/18970?format=api", "purl": "pkg:pypi/salt@3002.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qku-wmk8-5bg1" }, { "vulnerability": "VCID-49dv-x94w-suda" }, { "vulnerability": "VCID-5s8t-r4qa-yfb7" }, { "vulnerability": "VCID-6y9z-4cqf-dbhh" }, { "vulnerability": "VCID-7qmj-yzm7-yfhs" }, { "vulnerability": "VCID-84t6-tnd4-r3gq" }, { "vulnerability": "VCID-9cpe-uywb-zfbc" }, { "vulnerability": "VCID-anh6-63ah-sfhj" }, { "vulnerability": "VCID-bddr-7e3e-gfch" }, { "vulnerability": "VCID-c3tf-kuxu-euaz" }, { "vulnerability": "VCID-dqnw-edrq-hka2" }, { "vulnerability": "VCID-dttu-htyd-tkcc" }, { "vulnerability": "VCID-eq7b-wcab-rqfq" }, { "vulnerability": "VCID-fgrx-cjat-x7dc" }, { "vulnerability": "VCID-k7nb-cgu8-tye8" }, { "vulnerability": "VCID-kfjs-6e5q-j3aj" }, { "vulnerability": "VCID-n3sc-mzk3-n7cg" }, { "vulnerability": "VCID-n4vy-d4dh-x7gu" }, { "vulnerability": "VCID-r3m9-163d-myff" }, { "vulnerability": "VCID-w6j4-qrr2-3qae" }, { "vulnerability": "VCID-wvyr-dwg5-cya3" }, { "vulnerability": "VCID-z6gy-m65u-wqgh" }, { "vulnerability": "VCID-zc1e-1a3m-87c3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3002.1" } ], "aliases": [ "CVE-2020-17490", "GHSA-3c56-vx6v-q5vh", "PYSEC-2020-105" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zhu7-et2m-nycg" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/salt@2018.2.0" }