PYSEC-2021-57 — Vulnetix

PYSEC-2021-57 PUBLISHED

An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request.

Affected Products

Vendor	Product	Versions
PyPI	salt	2019.2.6, 0, 2015.8.11

Timeline

Feb 27, 2021 CVE Published
Apr 22, 2024 CVE Updated
May 1, 2026 Security Advisory

References

https://github.com/saltstack/salt/releases url
https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/ url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/ url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/ url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/ url
https://security.gentoo.org/glsa/202103-01 advisory

Open in Interactive Console →