CVE-2021-3197: Injection Vulnerability
(updated )
An issue was discovered in SaltStack’s salt-api. The salt-api ssh client is vulnerable to a shell injection by including ProxyCommand
in an argument, or via ssh_options
provided in an API request.
References
Detect and mitigate CVE-2021-3197 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →