CVE-2021-25283

on github

Published

February 27, 2021

CVSS v3:

9.8 CRITICAL

CVSS v2:

7.5 HIGH

An issue was discovered in through SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks.

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:saltstack:salt::::::::	2019.2.0 (including)	2019.2.5	*
cpe:2.3:a:saltstack:salt::::::::	2016.3.7 (including)	2016.3.8	*
cpe:2.3:a:saltstack:salt::::::::	2016.11.7 (including)	2016.11.10	*
cpe:2.3:a:saltstack:salt::::::::	2016.3.5 (including)	2016.3.6	*
cpe:2.3:a:saltstack:salt::::::::	2015.8.11 (including)	2015.8.13	*
cpe:2.3:a:saltstack:salt::::::::	2016.3.0 (including)	2016.3.4	*
cpe:2.3:a:saltstack:salt::::::::	n/a	2015.8.10	*
cpe:2.3:a:saltstack:salt::::::::	2016.3.9 (including)	2016.11.3	*
cpe:2.3:a:saltstack:salt::::::::	2016.11.4 (including)	2016.11.5	*
cpe:2.3:a:saltstack:salt::::::::	2017.5.0 (including)	2017.7.8	*
cpe:2.3:a:saltstack:salt::::::::	2018.2.0 (including)	2018.3.5 (including)	*
cpe:2.3:a:saltstack:salt::::::::	2019.2.6 (including)	2019.2.8	*
cpe:2.3:a:saltstack:salt::::::::	3000 (including)	3000.6	*
cpe:2.3:a:saltstack:salt::::::::	3001 (including)	3001.4	*
cpe:2.3:a:saltstack:salt::::::::	3002 (including)	3002.5	*
cpe:2.3:o:fedoraproject:fedora:32:::::::*	n/a	n/a	32
cpe:2.3:o:fedoraproject:fedora:33:::::::*	n/a	n/a	33
cpe:2.3:o:fedoraproject:fedora:34:::::::*	n/a	n/a	34
cpe:2.3:o:debian:debian_linux:9.0:::::::*	n/a	n/a	9.0
cpe:2.3:o:debian:debian_linux:10.0:::::::*	n/a	n/a	10.0
cpe:2.3:o:debian:debian_linux:11.0:::::::*	n/a	n/a	11.0