—
PYSEC-2021-52
Details
An issue was discovered in through SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks.
Are you affected?
Enter the version of the package you're using.
Affected packages
References
- https://github.com/saltstack/salt/releases [WEB]
- https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/ [WEB]
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/ [WEB]
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/ [WEB]
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH/ [WEB]
- https://security.gentoo.org/glsa/202103-01 [ADVISORY]
- https://github.com/advisories/GHSA-xgmh-gfxw-2hvv [ADVISORY]