CVE-2021-3197

Published: Feb 27, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/saltstack/salt/releases

https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/

FEDORA-2021-904a2dbc0c

vendor-advisory

FEDORA-2021-5756fbf8a6

vendor-advisory

FEDORA-2021-43eb5584ad

vendor-advisory

GLSA-202103-01

vendor-advisory

[debian-lts-announce] 20211110 [SECURITY] [DLA 2815-1] salt security update

mailing-list

DSA-5011

vendor-advisory

[debian-lts-announce] 20220103 [SECURITY] [DLA 2480-2] salt regression update

mailing-list

GLSA-202310-22

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-3197

Description

Affected Products

References