Description
An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request.
Published: 2021-02-27
Score: 9.8 Critical
EPSS: 9.9% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-2815-1 salt security update
Debian DLA Debian DLA DLA-2480-2 salt regression update
Debian DSA Debian DSA DSA-5011-1 salt security update
Github GHSA Github GHSA GHSA-8rp6-x3r7-5qw3 SaltStack Salt is vulnerable to shell injection via ProxyCommand argument
Ubuntu USN Ubuntu USN USN-6948-1 Salt vulnerabilities
History

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.05253}

 epss

{'score': 0.06314}

Subscriptions

Debian Debian Linux
Fedoraproject Fedora
Saltstack Salt
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-03T16:45:51.473Z

Reserved: 2021-01-21T00:00:00.000Z

Link: CVE-2021-3197

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-02-27T05:15:14.317

Modified: 2024-11-21T06:21:07.497

Link: CVE-2021-3197

cve-icon Redhat

Severity : Important

Publid Date: 2021-02-25T00:00:00Z

Links: CVE-2021-3197 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses