CVE-2021-3148: Command Injection
(updated )
An issue was discovered in SaltStack Salt. By sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin()
command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py.
References
Detect and mitigate CVE-2021-3148 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →