Security Advisory

CVE-2021-3148

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-02-27 00:00:00

Last updated 2024-08-03 16:45:51

Assigner mitre

State PUBLISHED

Description

An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py.

← Browse all CVEs View on cve.org ↗