Search for packages
| purl | pkg:pypi/salt@3000.0 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-9agn-habm-fkh7
Aliases: CVE-2020-25592 GHSA-29j3-2446-5j4w PYSEC-2020-106 |
In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH. |
Affected by 23 other vulnerabilities. Affected by 23 other vulnerabilities. Affected by 23 other vulnerabilities. Affected by 23 other vulnerabilities. |
|
VCID-qupk-axwe-k7dq
Aliases: CVE-2020-16846 GHSA-qr38-h96j-2j3w PYSEC-2020-104 |
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection. |
Affected by 23 other vulnerabilities. Affected by 23 other vulnerabilities. Affected by 23 other vulnerabilities. Affected by 23 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-05-31T00:58:04.363804+00:00 | GHSA Importer | Affected by | VCID-qupk-axwe-k7dq | https://github.com/advisories/GHSA-qr38-h96j-2j3w | 38.6.0 |
| 2026-05-31T00:58:04.139306+00:00 | GHSA Importer | Affected by | VCID-9agn-habm-fkh7 | https://github.com/advisories/GHSA-29j3-2446-5j4w | 38.6.0 |