Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-9khm-927q-2kex
Vulnerability ID VCID-9khm-927q-2kex
Aliases CVE-2013-4438
PYSEC-2013-13
Summary Salt (aka SaltStack) before 0.17.1 allows remote attackers to execute arbitrary YAML code via unspecified vectors. NOTE: the vendor states that this might not be a vulnerability because the YAML to be loaded has already been determined to be safe.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.0057 https://api.first.org/data/v1/epss?cve=CVE-2013-4438
Reference id Reference type URL
http://docs.saltstack.com/topics/releases/0.17.1.html
https://api.first.org/data/v1/epss?cve=CVE-2013-4438
http://www.openwall.com/lists/oss-security/2013/10/18/3
No exploits are available.
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.68926
EPSS Score 0.0057
Published At May 30, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-30T20:15:56.689972+00:00 Pypa Importer Import https://github.com/pypa/advisory-database/blob/main/vulns/salt/PYSEC-2013-13.yaml 38.6.0