{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7193?format=json","vulnerability_id":"VCID-5p4x-qc2f-2fec","summary":"Unspecified vulnerability in salt-ssh in Salt (aka SaltStack) 0.17.0 has unspecified impact and vectors related to \"insecure Usage of /tmp.\"","aliases":[{"alias":"CVE-2013-4437"},{"alias":"GHSA-qr3x-v97p-42xw"},{"alias":"PYSEC-2013-27"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6499?format=json","purl":"pkg:pypi/salt@0.17.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15a9-6v52-mbhm"},{"vulnerability":"VCID-2db5-ek61-2bdx"},{"vulnerability":"VCID-35um-xhk7-5yeg"},{"vulnerability":"VCID-3qku-wmk8-5bg1"},{"vulnerability":"VCID-49dv-x94w-suda"},{"vulnerability":"VCID-6bd4-ppra-pya5"},{"vulnerability":"VCID-6w6z-4hxz-87d5"},{"vulnerability":"VCID-6y9z-4cqf-dbhh"},{"vulnerability":"VCID-7k8b-xcq4-tyed"},{"vulnerability":"VCID-7qmj-yzm7-yfhs"},{"vulnerability":"VCID-7tgk-t6sy-cbbs"},{"vulnerability":"VCID-84t6-tnd4-r3gq"},{"vulnerability":"VCID-8nts-xmw9-c7d9"},{"vulnerability":"VCID-9agn-habm-fkh7"},{"vulnerability":"VCID-9cpe-uywb-zfbc"},{"vulnerability":"VCID-a5sa-utfb-yyc6"},{"vulnerability":"VCID-a8mx-rnzd-jydu"},{"vulnerability":"VCID-anh6-63ah-sfhj"},{"vulnerability":"VCID-bddr-7e3e-gfch"},{"vulnerability":"VCID-c3tf-kuxu-euaz"},{"vulnerability":"VCID-c9nu-n4mq-kfc1"},{"vulnerability":"VCID-daqt-gz5r-hbfs"},{"vulnerability":"VCID-dqnw-edrq-hka2"},{"vulnerability":"VCID-dttu-htyd-tkcc"},{"vulnerability":"VCID-eq7b-wcab-rqfq"},{"vulnerability":"VCID-fgrx-cjat-x7dc"},{"vulnerability":"VCID-fm6f-fxrk-hqe2"},{"vulnerability":"VCID-g5gy-3fk7-xbc8"},{"vulnerability":"VCID-gfyd-1pm9-gfa9"},{"vulnerability":"VCID-hzv7-m2fc-4uej"},{"vulnerability":"VCID-jn54-7udz-8ydy"},{"vulnerability":"VCID-k7nb-cgu8-tye8"},{"vulnerability":"VCID-kfjs-6e5q-j3aj"},{"vulnerability":"VCID-kpfs-vzc3-f3br"},{"vulnerability":"VCID-n3sc-mzk3-n7cg"},{"vulnerability":"VCID-n4vy-d4dh-x7gu"},{"vulnerability":"VCID-nvpk-cpym-4yas"},{"vulnerability":"VCID-qjb5-ptr2-3fbr"},{"vulnerability":"VCID-qupk-axwe-k7dq"},{"vulnerability":"VCID-qvxh-acut-7qhb"},{"vulnerability":"VCID-r3m9-163d-myff"},{"vulnerability":"VCID-u34q-665s-ufda"},{"vulnerability":"VCID-unk4-u7sx-2qg7"},{"vulnerability":"VCID-w6j4-qrr2-3qae"},{"vulnerability":"VCID-wvyr-dwg5-cya3"},{"vulnerability":"VCID-z2wc-w8ae-q3a9"},{"vulnerability":"VCID-z6gy-m65u-wqgh"},{"vulnerability":"VCID-zc1e-1a3m-87c3"},{"vulnerability":"VCID-zfse-uncr-3qcq"},{"vulnerability":"VCID-zhu7-et2m-nycg"},{"vulnerability":"VCID-zk1k-x6gr-3udc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/salt@0.17.1"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6498?format=json","purl":"pkg:pypi/salt@0.17.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15a9-6v52-mbhm"},{"vulnerability":"VCID-1fkp-uh47-jfdb"},{"vulnerability":"VCID-2db5-ek61-2bdx"},{"vulnerability":"VCID-35um-xhk7-5yeg"},{"vulnerability":"VCID-3qku-wmk8-5bg1"},{"vulnerability":"VCID-49dv-x94w-suda"},{"vulnerability":"VCID-5p4x-qc2f-2fec"},{"vulnerability":"VCID-6bd4-ppra-pya5"},{"vulnerability":"VCID-6w6z-4hxz-87d5"},{"vulnerability":"VCID-6y9z-4cqf-dbhh"},{"vulnerability":"VCID-7k8b-xcq4-tyed"},{"vulnerability":"VCID-7qmj-yzm7-yfhs"},{"vulnerability":"VCID-7tgk-t6sy-cbbs"},{"vulnerability":"VCID-84t6-tnd4-r3gq"},{"vulnerability":"VCID-8nts-xmw9-c7d9"},{"vulnerability":"VCID-9agn-habm-fkh7"},{"vulnerability":"VCID-9cpe-uywb-zfbc"},{"vulnerability":"VCID-9khm-927q-2kex"},{"vulnerability":"VCID-a5sa-utfb-yyc6"},{"vulnerability":"VCID-a8mx-rnzd-jydu"},{"vulnerability":"VCID-anh6-63ah-sfhj"},{"vulnerability":"VCID-bddr-7e3e-gfch"},{"vulnerability":"VCID-c3tf-kuxu-euaz"},{"vulnerability":"VCID-c9nu-n4mq-kfc1"},{"vulnerability":"VCID-daqt-gz5r-hbfs"},{"vulnerability":"VCID-dqnw-edrq-hka2"},{"vulnerability":"VCID-dttu-htyd-tkcc"},{"vulnerability":"VCID-eq7b-wcab-rqfq"},{"vulnerability":"VCID-f5js-b715-83ef"},{"vulnerability":"VCID-fgrx-cjat-x7dc"},{"vulnerability":"VCID-fm6f-fxrk-hqe2"},{"vulnerability":"VCID-g2jb-w55u-8bd3"},{"vulnerability":"VCID-g5gy-3fk7-xbc8"},{"vulnerability":"VCID-gfyd-1pm9-gfa9"},{"vulnerability":"VCID-hzv7-m2fc-4uej"},{"vulnerability":"VCID-jn54-7udz-8ydy"},{"vulnerability":"VCID-k7nb-cgu8-tye8"},{"vulnerability":"VCID-kfjs-6e5q-j3aj"},{"vulnerability":"VCID-kpfs-vzc3-f3br"},{"vulnerability":"VCID-n3sc-mzk3-n7cg"},{"vulnerability":"VCID-n4vy-d4dh-x7gu"},{"vulnerability":"VCID-nvpk-cpym-4yas"},{"vulnerability":"VCID-qjb5-ptr2-3fbr"},{"vulnerability":"VCID-qupk-axwe-k7dq"},{"vulnerability":"VCID-qvxh-acut-7qhb"},{"vulnerability":"VCID-r3m9-163d-myff"},{"vulnerability":"VCID-u34q-665s-ufda"},{"vulnerability":"VCID-unk4-u7sx-2qg7"},{"vulnerability":"VCID-vmv9-71hb-zbbz"},{"vulnerability":"VCID-w6j4-qrr2-3qae"},{"vulnerability":"VCID-wvyr-dwg5-cya3"},{"vulnerability":"VCID-z2wc-w8ae-q3a9"},{"vulnerability":"VCID-z6gy-m65u-wqgh"},{"vulnerability":"VCID-zc1e-1a3m-87c3"},{"vulnerability":"VCID-zfse-uncr-3qcq"},{"vulnerability":"VCID-zhu7-et2m-nycg"},{"vulnerability":"VCID-zk1k-x6gr-3udc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/salt@0.17.0"}],"references":[{"reference_url":"http://docs.saltstack.com/topics/releases/0.17.1.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://docs.saltstack.com/topics/releases/0.17.1.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4437","reference_id":"","reference_type":"","scores":[{"value":"0.00675","scoring_system":"epss","scoring_elements":"0.7181","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4437"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2013-27.yaml","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2013-27.yaml"},{"reference_url":"https://github.com/saltstack/salt","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/saltstack/salt"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4437","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4437"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/10/18/3","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2013/10/18/3"},{"reference_url":"https://github.com/advisories/GHSA-qr3x-v97p-42xw","reference_id":"GHSA-qr3x-v97p-42xw","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qr3x-v97p-42xw"}],"weaknesses":[{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."}],"exploits":[],"severity_range_score":"7.0 - 8.9","exploitability":"0.5","weighted_severity":"8.0","risk_score":4.0,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5p4x-qc2f-2fec"}