—

PYSEC-2021-318

Details

An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and source_hash URLs can gain full file system access as root on a salt minion.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / salt

Introduced in: 0 Fixed in: 3003.3

Fix pip install --upgrade 'salt>=3003.3'

References

https://saltproject.io/security_announcements/salt-security-advisory-2021-sep-02/ [ADVISORY]
https://github.com/advisories/GHSA-pf7h-h2wq-m7pg [ADVISORY]