Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS14Z21oLWdmeHctMmh2ds4AAnsM

Critical EPSS: 0.07444% (0.91224 Percentile) EPSS:
Permalink JSON

SaltStack Salt Server Side Template Injection

Affected Packages Affected Versions Fixed Versions
pypi:salt >= 3002, < 3002.5, >= 3001, < 3001.5, >= 3000, < 3000.7, >= 2019.2.0, < 2019.2.8, >= 2018.2.0, <= 2018.3.5, >= 2017.5.0, < 2017.7.8, >= 2016.11.7, < 2016.11.10, >= 2016.3.0, < 2016.11.5, < 2015.8.13 3002.5, 3001.5, 3000.7, 2019.2.8, , 2017.7.8, 2016.11.10, 2016.11.5, 2015.8.13
34 Dependent packages
428 Dependent repositories
52,414 Downloads last month

Affected Version Ranges

All affected versions

0.8.7, 0.8.9, 0.9.0, 0.9.1, 0.9.2, 0.9.3, 0.9.4, 0.9.5, 0.9.6, 0.9.7, 0.9.8, 0.9.9, 0.10.0, 0.10.1, 0.10.2, 0.10.3, 0.10.4, 0.10.5, 0.11.0, 0.11.1, 0.12.0, 0.12.1, 0.13.0, 0.13.1, 0.13.2, 0.13.3, 0.14.0, 0.14.1, 0.15.0, 0.15.1, 0.15.2, 0.15.3, 0.15.90, 0.16.0, 0.16.1, 0.16.2, 0.16.3, 0.16.4, 0.17.0, 0.17.1, 0.17.2, 0.17.3, 0.17.4, 0.17.5, 2014.1.0, 2014.1.1, 2014.1.2, 2014.1.3, 2014.1.4, 2014.1.5, 2014.1.6, 2014.1.7, 2014.1.8, 2014.1.9, 2014.1.10, 2014.1.11, 2014.1.12, 2014.1.13, 2014.7.0, 2014.7.1, 2014.7.2, 2014.7.3, 2014.7.4, 2014.7.5, 2014.7.6, 2014.7.7, 2015.5.0, 2015.5.1, 2015.5.2, 2015.5.3, 2015.5.4, 2015.5.5, 2015.5.6, 2015.5.7, 2015.5.8, 2015.5.9, 2015.5.10, 2015.5.11, 2015.8.0, 2015.8.1, 2015.8.2, 2015.8.3, 2015.8.4, 2015.8.5, 2015.8.7, 2015.8.8, 2015.8.9, 2015.8.10, 2015.8.11, 2015.8.12, 2016.3.0, 2016.3.1, 2016.3.2, 2016.3.3, 2016.3.4, 2016.3.5, 2016.3.6, 2016.3.7, 2016.3.8, 2016.11.0, 2016.11.1, 2016.11.2, 2016.11.3, 2016.11.4, 2016.11.7, 2016.11.8, 2016.11.9, 2017.7.0, 2017.7.1, 2017.7.2, 2017.7.3, 2017.7.4, 2017.7.5, 2017.7.6, 2017.7.7, 2018.3.0, 2018.3.1, 2018.3.2, 2018.3.3, 2018.3.4, 2018.3.5, 2019.2.0, 2019.2.1, 2019.2.2, 2019.2.3, 2019.2.4, 2019.2.5, 2019.2.6, 2019.2.7

All unaffected versions

2015.8.13, 2016.11.5, 2016.11.6, 2016.11.10, 2017.7.8, 2019.2.8

An issue was discovered in through SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks.

References:

Identifiers

GHSA-xgmh-gfxw-2hvv

CVE-2021-25283

Risk

Severity

Critical

EPSS

EPSS Percentage: 0.07444

EPSS Percentile: 0.91224

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/saltstack/salt

Date and time

Published

about 3 years ago

Updated

9 months ago

API

JSON