{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34828?format=json","vulnerability_id":"VCID-gheq-ynw6-nbfg","summary":"The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 does not validate the SSH host key of requests, which allows remote attackers to have unspecified impact via a man-in-the-middle (MITM) attack.","aliases":[{"alias":"CVE-2013-4436"},{"alias":"PYSEC-2013-26"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7724?format=json","purl":"pkg:pypi/salt@0.17.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ds7-ga65-r3b6"},{"vulnerability":"VCID-2h9s-fgnc-1qeg"},{"vulnerability":"VCID-3xs9-ym4e-fyag"},{"vulnerability":"VCID-47u4-vdsp-c3ct"},{"vulnerability":"VCID-48tt-fe7z-ybfb"},{"vulnerability":"VCID-58p2-6c4u-tybp"},{"vulnerability":"VCID-5hr1-5aec-43h3"},{"vulnerability":"VCID-5w26-jb3k-u3b7"},{"vulnerability":"VCID-65p4-5x86-y3fj"},{"vulnerability":"VCID-6cfw-9xe8-43d6"},{"vulnerability":"VCID-7mam-gwcp-8kdm"},{"vulnerability":"VCID-8ghn-kbm9-sfas"},{"vulnerability":"VCID-8jkp-8ngh-9bcd"},{"vulnerability":"VCID-8mpz-ke16-fbej"},{"vulnerability":"VCID-a8kw-uehx-xfg5"},{"vulnerability":"VCID-az3x-2atn-pqh4"},{"vulnerability":"VCID-bxh1-y9mk-3ygg"},{"vulnerability":"VCID-ce2x-ehyk-nufk"},{"vulnerability":"VCID-cubj-wrbp-1qbu"},{"vulnerability":"VCID-e6kv-phwy-vfef"},{"vulnerability":"VCID-e8qc-mktf-gyam"},{"vulnerability":"VCID-gafc-bb59-9yhb"},{"vulnerability":"VCID-h4tm-9wqz-1qge"},{"vulnerability":"VCID-hgv6-czxs-cfbc"},{"vulnerability":"VCID-j5th-837s-fkft"},{"vulnerability":"VCID-jbea-m4ak-tqd7"},{"vulnerability":"VCID-jyxg-h3a9-8ygv"},{"vulnerability":"VCID-k1gu-khda-jyeb"},{"vulnerability":"VCID-kapu-yvhn-ybhw"},{"vulnerability":"VCID-mbpz-g2vs-tqc1"},{"vulnerability":"VCID-neby-tsrt-ryg5"},{"vulnerability":"VCID-nehw-r7zm-j7bb"},{"vulnerability":"VCID-p4xa-ks7v-wbay"},{"vulnerability":"VCID-qgqk-f1g2-7fbz"},{"vulnerability":"VCID-reer-fk1f-tkbj"},{"vulnerability":"VCID-saff-gz5j-8kex"},{"vulnerability":"VCID-u5sa-wp1e-wyhg"},{"vulnerability":"VCID-v345-m7e1-aue2"},{"vulnerability":"VCID-v43a-k2bg-wkbz"},{"vulnerability":"VCID-w2qv-hbsf-xyfh"},{"vulnerability":"VCID-xccs-pwhb-nuce"},{"vulnerability":"VCID-xfnm-yvm9-73az"},{"vulnerability":"VCID-znn9-qud3-wqat"},{"vulnerability":"VCID-zter-3e3b-7yfb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/salt@0.17.1"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7723?format=json","purl":"pkg:pypi/salt@0.17.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ds7-ga65-r3b6"},{"vulnerability":"VCID-2h9s-fgnc-1qeg"},{"vulnerability":"VCID-3xs9-ym4e-fyag"},{"vulnerability":"VCID-47u4-vdsp-c3ct"},{"vulnerability":"VCID-48tt-fe7z-ybfb"},{"vulnerability":"VCID-58p2-6c4u-tybp"},{"vulnerability":"VCID-5hr1-5aec-43h3"},{"vulnerability":"VCID-5w26-jb3k-u3b7"},{"vulnerability":"VCID-65p4-5x86-y3fj"},{"vulnerability":"VCID-6cfw-9xe8-43d6"},{"vulnerability":"VCID-6qhe-17nn-7fc1"},{"vulnerability":"VCID-7mam-gwcp-8kdm"},{"vulnerability":"VCID-8ghn-kbm9-sfas"},{"vulnerability":"VCID-8jkp-8ngh-9bcd"},{"vulnerability":"VCID-8mpz-ke16-fbej"},{"vulnerability":"VCID-a8kw-uehx-xfg5"},{"vulnerability":"VCID-az3x-2atn-pqh4"},{"vulnerability":"VCID-bxh1-y9mk-3ygg"},{"vulnerability":"VCID-byz4-ynsr-kbec"},{"vulnerability":"VCID-ce2x-ehyk-nufk"},{"vulnerability":"VCID-cubj-wrbp-1qbu"},{"vulnerability":"VCID-e6kv-phwy-vfef"},{"vulnerability":"VCID-e8qc-mktf-gyam"},{"vulnerability":"VCID-ew62-nxq6-fudr"},{"vulnerability":"VCID-gafc-bb59-9yhb"},{"vulnerability":"VCID-gheq-ynw6-nbfg"},{"vulnerability":"VCID-h4tm-9wqz-1qge"},{"vulnerability":"VCID-hgv6-czxs-cfbc"},{"vulnerability":"VCID-j5th-837s-fkft"},{"vulnerability":"VCID-jbea-m4ak-tqd7"},{"vulnerability":"VCID-jyxg-h3a9-8ygv"},{"vulnerability":"VCID-k1gu-khda-jyeb"},{"vulnerability":"VCID-kapu-yvhn-ybhw"},{"vulnerability":"VCID-mbpz-g2vs-tqc1"},{"vulnerability":"VCID-neby-tsrt-ryg5"},{"vulnerability":"VCID-nehw-r7zm-j7bb"},{"vulnerability":"VCID-p4xa-ks7v-wbay"},{"vulnerability":"VCID-qgqk-f1g2-7fbz"},{"vulnerability":"VCID-r82y-w2b1-vbdn"},{"vulnerability":"VCID-reer-fk1f-tkbj"},{"vulnerability":"VCID-saff-gz5j-8kex"},{"vulnerability":"VCID-u5sa-wp1e-wyhg"},{"vulnerability":"VCID-uwr9-v56j-cuak"},{"vulnerability":"VCID-v345-m7e1-aue2"},{"vulnerability":"VCID-v43a-k2bg-wkbz"},{"vulnerability":"VCID-w2qv-hbsf-xyfh"},{"vulnerability":"VCID-xccs-pwhb-nuce"},{"vulnerability":"VCID-xfnm-yvm9-73az"},{"vulnerability":"VCID-znn9-qud3-wqat"},{"vulnerability":"VCID-zter-3e3b-7yfb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/salt@0.17.0"}],"references":[{"reference_url":"http://docs.saltstack.com/topics/releases/0.17.1.html","reference_id":"","reference_type":"","scores":[],"url":"http://docs.saltstack.com/topics/releases/0.17.1.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/10/18/3","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2013/10/18/3"}],"weaknesses":[],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gheq-ynw6-nbfg"}