VDB

PYSEC-2021-52

PYSEC-2021-52 PUBLISHED CVSS 9.300000190734863 CRITICAL

An issue was discovered in through SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks.

Risk Scores

CVSS v4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Products

VendorProductVersions
PyPIsalt
PyPIsalt2016.3.7, 0.17.4, 0.17.2

Timeline

  • Feb 27, 2021 CVE Published
  • Apr 22, 2024 CVE Updated
  • May 1, 2026 Security Advisory

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›