CVE-2020-16846

OS Command Injection in pypi/salt

Identifier

CVE-2020-16846

Package Slug

pypi/salt

Vulnerability

OS Command Injection

Description

An issue was discovered in SaltStack Salt Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.

Affected Versions

All versions before 2015.8.13, all versions starting from 2016.3.0 before 2016.3.8, all versions starting from 2016.11.0 before 2016.11.10, all versions starting from 2017.5.0 before 2017.7.8, all versions starting from 2018.2.0 before 2018.3.5, all versions starting from 2019.2.0 before 2019.2.5, all versions starting from 3000.0 before 3000.3, version 3001

Solution

Upgrade to versions 2015.8.13, 2016.3.8, 2016.11.10, 2017.7.8, 2018.3.5, 2019.2.5, 3000.3, 3001.1 or above.

Last Modified

2020-11-17

source