{"url":"http://public2.vulnerablecode.io/api/packages/83258?format=json","purl":"pkg:pypi/salt@3005.4","type":"pypi","namespace":"","name":"salt","version":"3005.4","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3006.17","latest_non_vulnerable_version":"3007.9","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55430?format=json","vulnerability_id":"VCID-32tp-s4fd-v7h2","summary":"Path traversal in saltstack\nA specially crafted url can be created which leads to a directory traversal in the salt file server.\nA malicious user can read an arbitrary file from a Salt master’s filesystem.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-22232","reference_id":"","reference_type":"","scores":[{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.63512","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.63519","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-22232"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/saltstack/salt","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/saltstack/salt"},{"reference_url":"https://github.com/saltstack/salt/commit/e0cdb80b55123f4a024759ffcf2b3f0e0788e7ab","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/saltstack/salt/commit/e0cdb80b55123f4a024759ffcf2b3f0e0788e7ab"},{"reference_url":"https://saltproject.io/security-announcements/2024-01-31-advisory","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://saltproject.io/security-announcements/2024-01-31-advisory"},{"reference_url":"https://saltproject.io/security-announcements/2024-01-31-advisory/","reference_id":"2024-01-31-advisory","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-27T14:41:55Z/"}],"url":"https://saltproject.io/security-announcements/2024-01-31-advisory/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-22232","reference_id":"CVE-2024-22232","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-22232"},{"reference_url":"https://github.com/advisories/GHSA-2qw3-2wv6-p64x","reference_id":"GHSA-2qw3-2wv6-p64x","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2qw3-2wv6-p64x"},{"reference_url":"https://security.gentoo.org/glsa/202412-09","reference_id":"GLSA-202412-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/81945?format=json","purl":"pkg:pypi/salt@3005.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zudw-npmj-2qe8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3005.5"},{"url":"http://public2.vulnerablecode.io/api/packages/81946?format=json","purl":"pkg:pypi/salt@3006.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-34yz-hgbf-abee"},{"vulnerability":"VCID-em78-j177-kffg"},{"vulnerability":"VCID-fwas-eecc-3bau"},{"vulnerability":"VCID-fwpy-42pu-8ub3"},{"vulnerability":"VCID-r4b7-j6au-fucm"},{"vulnerability":"VCID-sc4b-v7j2-byed"},{"vulnerability":"VCID-t99c-dqd5-ukfk"},{"vulnerability":"VCID-yt34-n551-1uau"},{"vulnerability":"VCID-zeat-rzj9-u3br"},{"vulnerability":"VCID-zudw-npmj-2qe8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3006.6"}],"aliases":["CVE-2024-22232","GHSA-2qw3-2wv6-p64x"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-32tp-s4fd-v7h2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55436?format=json","vulnerability_id":"VCID-qr6n-rx38-6fd2","summary":"Directory creation by malicious user in saltstack\nSyndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt master.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-22231","reference_id":"","reference_type":"","scores":[{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.69311","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.69302","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-22231"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/saltstack/salt","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/saltstack/salt"},{"reference_url":"https://github.com/saltstack/salt/commit/e0cdb80b55123f4a024759ffcf2b3f0e0788e7ab","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/saltstack/salt/commit/e0cdb80b55123f4a024759ffcf2b3f0e0788e7ab"},{"reference_url":"https://saltproject.io/security-announcements/2024-01-31-advisory","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://saltproject.io/security-announcements/2024-01-31-advisory"},{"reference_url":"https://saltproject.io/security-announcements/2024-01-31-advisory/","reference_id":"2024-01-31-advisory","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T14:45:17Z/"}],"url":"https://saltproject.io/security-announcements/2024-01-31-advisory/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-22231","reference_id":"CVE-2024-22231","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-22231"},{"reference_url":"https://github.com/advisories/GHSA-q27c-j6j9-53w3","reference_id":"GHSA-q27c-j6j9-53w3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q27c-j6j9-53w3"},{"reference_url":"https://security.gentoo.org/glsa/202412-09","reference_id":"GLSA-202412-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/81945?format=json","purl":"pkg:pypi/salt@3005.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zudw-npmj-2qe8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3005.5"},{"url":"http://public2.vulnerablecode.io/api/packages/81946?format=json","purl":"pkg:pypi/salt@3006.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-34yz-hgbf-abee"},{"vulnerability":"VCID-em78-j177-kffg"},{"vulnerability":"VCID-fwas-eecc-3bau"},{"vulnerability":"VCID-fwpy-42pu-8ub3"},{"vulnerability":"VCID-r4b7-j6au-fucm"},{"vulnerability":"VCID-sc4b-v7j2-byed"},{"vulnerability":"VCID-t99c-dqd5-ukfk"},{"vulnerability":"VCID-yt34-n551-1uau"},{"vulnerability":"VCID-zeat-rzj9-u3br"},{"vulnerability":"VCID-zudw-npmj-2qe8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3006.6"}],"aliases":["CVE-2024-22231","GHSA-q27c-j6j9-53w3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qr6n-rx38-6fd2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49899?format=json","vulnerability_id":"VCID-zudw-npmj-2qe8","summary":"Salt junos Module Vulnerable to Code Injection via Specially Crafted YAML Payload\nSalt's junos execution module contained an unsafe YAML decode/load usage. A specially crafted YAML payload processed by the junos module could lead to unintended code execution under the context of the Salt process.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-62348","reference_id":"","reference_type":"","scores":[{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.0065","published_at":"2026-06-05T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00651","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-62348"},{"reference_url":"https://docs.saltproject.io/en/latest/topics/releases/3006.17.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-30T19:30:12Z/"}],"url":"https://docs.saltproject.io/en/latest/topics/releases/3006.17.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/saltstack/salt","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/saltstack/salt"},{"reference_url":"https://github.com/saltstack/salt/issues/68469","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/saltstack/salt/issues/68469"},{"reference_url":"https://github.com/saltstack/salt/pull/68472/commits/c17fd645edef208233dcac855615fced69409a00","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/saltstack/salt/pull/68472/commits/c17fd645edef208233dcac855615fced69409a00"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62348","reference_id":"CVE-2025-62348","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62348"},{"reference_url":"https://github.com/advisories/GHSA-77w2-v593-vxvv","reference_id":"GHSA-77w2-v593-vxvv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-77w2-v593-vxvv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73743?format=json","purl":"pkg:pypi/salt@3006.17","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3006.17"}],"aliases":["CVE-2025-62348","GHSA-77w2-v593-vxvv"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zudw-npmj-2qe8"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56189?format=json","vulnerability_id":"VCID-rnh5-7394-dfea","summary":"Salt preflight script could be attacker controlled\nThe Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script with the privileges of the user running Salt-SSH. Do not make the copy path on the target predictable and ensure we check return codes of the scp command if the copy fails.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-34049","reference_id":"","reference_type":"","scores":[{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18977","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-34049"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/saltstack/salt","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/saltstack/salt"},{"reference_url":"https://github.com/saltstack/salt/commit/286d55eb5a6e6bf9428405bdf5632b419bdf8444","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/saltstack/salt/commit/286d55eb5a6e6bf9428405bdf5632b419bdf8444"},{"reference_url":"https://github.com/saltstack/salt/commit/7a14112f2a16ce70e3c3e1862c92e37af5f2c7a4","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/saltstack/salt/commit/7a14112f2a16ce70e3c3e1862c92e37af5f2c7a4"},{"reference_url":"https://saltproject.io/security-announcements/2023-10-27-advisory","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://saltproject.io/security-announcements/2023-10-27-advisory"},{"reference_url":"https://saltproject.io/security-announcements/2023-10-27-advisory/","reference_id":"2023-10-27-advisory","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-14T15:12:53Z/"}],"url":"https://saltproject.io/security-announcements/2023-10-27-advisory/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-34049","reference_id":"CVE-2023-34049","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-34049"},{"reference_url":"https://github.com/advisories/GHSA-4277-m35q-7c9w","reference_id":"GHSA-4277-m35q-7c9w","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4277-m35q-7c9w"},{"reference_url":"https://security.gentoo.org/glsa/202412-09","reference_id":"GLSA-202412-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83258?format=json","purl":"pkg:pypi/salt@3005.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-32tp-s4fd-v7h2"},{"vulnerability":"VCID-qr6n-rx38-6fd2"},{"vulnerability":"VCID-zudw-npmj-2qe8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3005.4"},{"url":"http://public2.vulnerablecode.io/api/packages/83259?format=json","purl":"pkg:pypi/salt@3006.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-32tp-s4fd-v7h2"},{"vulnerability":"VCID-34yz-hgbf-abee"},{"vulnerability":"VCID-em78-j177-kffg"},{"vulnerability":"VCID-fwas-eecc-3bau"},{"vulnerability":"VCID-fwpy-42pu-8ub3"},{"vulnerability":"VCID-qr6n-rx38-6fd2"},{"vulnerability":"VCID-r4b7-j6au-fucm"},{"vulnerability":"VCID-sc4b-v7j2-byed"},{"vulnerability":"VCID-t99c-dqd5-ukfk"},{"vulnerability":"VCID-yt34-n551-1uau"},{"vulnerability":"VCID-zeat-rzj9-u3br"},{"vulnerability":"VCID-zudw-npmj-2qe8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3006.4"}],"aliases":["CVE-2023-34049","GHSA-4277-m35q-7c9w"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rnh5-7394-dfea"}],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/salt@3005.4"}