Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/salt@3005.4
Typepypi
Namespace
Namesalt
Version3005.4
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3006.17
Latest_non_vulnerable_version3007.9
Affected_by_vulnerabilities
0
url VCID-32tp-s4fd-v7h2
vulnerability_id VCID-32tp-s4fd-v7h2
summary 
Path traversal in saltstack
A specially crafted url can be created which leads to a directory traversal in the salt file server.
A malicious user can read an arbitrary file from a Salt master’s filesystem.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-22232
reference_id
reference_type
scores
0
value 0.00439
scoring_system epss
scoring_elements 0.63519
published_at 2026-06-06T12:55:00Z
1
value 0.00439
scoring_system epss
scoring_elements 0.6351
published_at 2026-06-07T12:55:00Z
2
value 0.00439
scoring_system epss
scoring_elements 0.63512
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-22232
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://github.com/saltstack/salt
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt
3
reference_url https://github.com/saltstack/salt/commit/e0cdb80b55123f4a024759ffcf2b3f0e0788e7ab
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt/commit/e0cdb80b55123f4a024759ffcf2b3f0e0788e7ab
4
reference_url https://saltproject.io/security-announcements/2024-01-31-advisory
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://saltproject.io/security-announcements/2024-01-31-advisory
5
reference_url https://saltproject.io/security-announcements/2024-01-31-advisory/
reference_id 2024-01-31-advisory
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-27T14:41:55Z/
url https://saltproject.io/security-announcements/2024-01-31-advisory/
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-22232
reference_id CVE-2024-22232
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-22232
7
reference_url https://github.com/advisories/GHSA-2qw3-2wv6-p64x
reference_id GHSA-2qw3-2wv6-p64x
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2qw3-2wv6-p64x
8
reference_url https://security.gentoo.org/glsa/202412-09
reference_id GLSA-202412-09
reference_type
scores
url https://security.gentoo.org/glsa/202412-09
fixed_packages
0
url pkg:pypi/salt@3005.5
purl pkg:pypi/salt@3005.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-zudw-npmj-2qe8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3005.5
1
url pkg:pypi/salt@3006.6
purl pkg:pypi/salt@3006.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-34yz-hgbf-abee
1
vulnerability VCID-em78-j177-kffg
2
vulnerability VCID-fwas-eecc-3bau
3
vulnerability VCID-fwpy-42pu-8ub3
4
vulnerability VCID-r4b7-j6au-fucm
5
vulnerability VCID-sc4b-v7j2-byed
6
vulnerability VCID-t99c-dqd5-ukfk
7
vulnerability VCID-yt34-n551-1uau
8
vulnerability VCID-zeat-rzj9-u3br
9
vulnerability VCID-zudw-npmj-2qe8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3006.6
aliases CVE-2024-22232, GHSA-2qw3-2wv6-p64x
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-32tp-s4fd-v7h2
1
url VCID-qr6n-rx38-6fd2
vulnerability_id VCID-qr6n-rx38-6fd2
summary 
Directory creation by malicious user in saltstack
Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt master.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-22231
reference_id
reference_type
scores
0
value 0.0058
scoring_system epss
scoring_elements 0.69301
published_at 2026-06-07T12:55:00Z
1
value 0.0058
scoring_system epss
scoring_elements 0.69311
published_at 2026-06-06T12:55:00Z
2
value 0.0058
scoring_system epss
scoring_elements 0.69302
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-22231
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://github.com/saltstack/salt
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt
3
reference_url https://github.com/saltstack/salt/commit/e0cdb80b55123f4a024759ffcf2b3f0e0788e7ab
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt/commit/e0cdb80b55123f4a024759ffcf2b3f0e0788e7ab
4
reference_url https://saltproject.io/security-announcements/2024-01-31-advisory
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://saltproject.io/security-announcements/2024-01-31-advisory
5
reference_url https://saltproject.io/security-announcements/2024-01-31-advisory/
reference_id 2024-01-31-advisory
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T14:45:17Z/
url https://saltproject.io/security-announcements/2024-01-31-advisory/
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-22231
reference_id CVE-2024-22231
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-22231
7
reference_url https://github.com/advisories/GHSA-q27c-j6j9-53w3
reference_id GHSA-q27c-j6j9-53w3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q27c-j6j9-53w3
8
reference_url https://security.gentoo.org/glsa/202412-09
reference_id GLSA-202412-09
reference_type
scores
url https://security.gentoo.org/glsa/202412-09
fixed_packages
0
url pkg:pypi/salt@3005.5
purl pkg:pypi/salt@3005.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-zudw-npmj-2qe8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3005.5
1
url pkg:pypi/salt@3006.6
purl pkg:pypi/salt@3006.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-34yz-hgbf-abee
1
vulnerability VCID-em78-j177-kffg
2
vulnerability VCID-fwas-eecc-3bau
3
vulnerability VCID-fwpy-42pu-8ub3
4
vulnerability VCID-r4b7-j6au-fucm
5
vulnerability VCID-sc4b-v7j2-byed
6
vulnerability VCID-t99c-dqd5-ukfk
7
vulnerability VCID-yt34-n551-1uau
8
vulnerability VCID-zeat-rzj9-u3br
9
vulnerability VCID-zudw-npmj-2qe8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3006.6
aliases CVE-2024-22231, GHSA-q27c-j6j9-53w3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qr6n-rx38-6fd2
2
url VCID-zudw-npmj-2qe8
vulnerability_id VCID-zudw-npmj-2qe8
summary 
Salt junos Module Vulnerable to Code Injection via Specially Crafted YAML Payload
Salt's junos execution module contained an unsafe YAML decode/load usage. A specially crafted YAML payload processed by the junos module could lead to unintended code execution under the context of the Salt process.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-62348
reference_id
reference_type
scores
0
value 7e-05
scoring_system epss
scoring_elements 0.0065
published_at 2026-06-05T12:55:00Z
1
value 7e-05
scoring_system epss
scoring_elements 0.00648
published_at 2026-06-07T12:55:00Z
2
value 7e-05
scoring_system epss
scoring_elements 0.00651
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-62348
1
reference_url https://docs.saltproject.io/en/latest/topics/releases/3006.17.html
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-30T19:30:12Z/
url https://docs.saltproject.io/en/latest/topics/releases/3006.17.html
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/saltstack/salt
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt
4
reference_url https://github.com/saltstack/salt/issues/68469
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt/issues/68469
5
reference_url https://github.com/saltstack/salt/pull/68472/commits/c17fd645edef208233dcac855615fced69409a00
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt/pull/68472/commits/c17fd645edef208233dcac855615fced69409a00
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-62348
reference_id CVE-2025-62348
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-62348
7
reference_url https://github.com/advisories/GHSA-77w2-v593-vxvv
reference_id GHSA-77w2-v593-vxvv
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-77w2-v593-vxvv
fixed_packages
0
url pkg:pypi/salt@3006.17
purl pkg:pypi/salt@3006.17
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3006.17
aliases CVE-2025-62348, GHSA-77w2-v593-vxvv
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zudw-npmj-2qe8
Fixing_vulnerabilities
0
url VCID-rnh5-7394-dfea
vulnerability_id VCID-rnh5-7394-dfea
summary 
Salt preflight script could be attacker controlled
The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script with the privileges of the user running Salt-SSH. Do not make the copy path on the target predictable and ensure we check return codes of the scp command if the copy fails.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-34049
reference_id
reference_type
scores
0
value 0.0006
scoring_system epss
scoring_elements 0.18937
published_at 2026-06-07T12:55:00Z
1
value 0.0006
scoring_system epss
scoring_elements 0.18977
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-34049
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://github.com/saltstack/salt
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt
3
reference_url https://github.com/saltstack/salt/commit/286d55eb5a6e6bf9428405bdf5632b419bdf8444
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt/commit/286d55eb5a6e6bf9428405bdf5632b419bdf8444
4
reference_url https://github.com/saltstack/salt/commit/7a14112f2a16ce70e3c3e1862c92e37af5f2c7a4
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/saltstack/salt/commit/7a14112f2a16ce70e3c3e1862c92e37af5f2c7a4
5
reference_url https://saltproject.io/security-announcements/2023-10-27-advisory
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://saltproject.io/security-announcements/2023-10-27-advisory
6
reference_url https://saltproject.io/security-announcements/2023-10-27-advisory/
reference_id 2023-10-27-advisory
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-14T15:12:53Z/
url https://saltproject.io/security-announcements/2023-10-27-advisory/
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-34049
reference_id CVE-2023-34049
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-34049
8
reference_url https://github.com/advisories/GHSA-4277-m35q-7c9w
reference_id GHSA-4277-m35q-7c9w
reference_type
scores
url https://github.com/advisories/GHSA-4277-m35q-7c9w
9
reference_url https://security.gentoo.org/glsa/202412-09
reference_id GLSA-202412-09
reference_type
scores
url https://security.gentoo.org/glsa/202412-09
fixed_packages
0
url pkg:pypi/salt@3005.4
purl pkg:pypi/salt@3005.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32tp-s4fd-v7h2
1
vulnerability VCID-qr6n-rx38-6fd2
2
vulnerability VCID-zudw-npmj-2qe8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3005.4
1
url pkg:pypi/salt@3006.4
purl pkg:pypi/salt@3006.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32tp-s4fd-v7h2
1
vulnerability VCID-34yz-hgbf-abee
2
vulnerability VCID-em78-j177-kffg
3
vulnerability VCID-fwas-eecc-3bau
4
vulnerability VCID-fwpy-42pu-8ub3
5
vulnerability VCID-qr6n-rx38-6fd2
6
vulnerability VCID-r4b7-j6au-fucm
7
vulnerability VCID-sc4b-v7j2-byed
8
vulnerability VCID-t99c-dqd5-ukfk
9
vulnerability VCID-yt34-n551-1uau
10
vulnerability VCID-zeat-rzj9-u3br
11
vulnerability VCID-zudw-npmj-2qe8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3006.4
aliases CVE-2023-34049, GHSA-4277-m35q-7c9w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rnh5-7394-dfea
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/salt@3005.4