CVE-2013-4438

CWE-94Code Injection5 documents5 sources
Severity
7.5HIGH
EPSS
0.6%
top 31.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Saltstack Salt
Timeline
PublishedNov 5
Latest updateMay 17

Description

Salt (aka SaltStack) before 0.17.1 allows remote attackers to execute arbitrary YAML code via unspecified vectors. NOTE: the vendor states that this might not be a vulnerability because the YAML to be loaded has already been determined to be safe.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

NVDsaltstack/salt0.17.0+30
PyPIsalt< 0.17.1

Patches

Patch: docs.saltstack.comPatch: docs.saltstack.com

🔴Vulnerability Details

3
GHSA
GHSA-j8fm-j268-rq9p: Salt (aka SaltStack) before 02022-05-17
OSV
CVE-2013-4438: Salt (aka SaltStack) before 02013-11-05
CVEList
CVE-2013-4438: Salt (aka SaltStack) before 02013-11-05

💬Community

1
Bugzilla
CVE-2013-4435 CVE-2013-4436 CVE-2013-4437 CVE-2013-4438 CVE-2013-4439 CVE-2013-6617 salt: saltstack multiple flaws2013-10-17
CVE-2013-4438 (HIGH CVSS 7.5) | Salt (aka SaltStack) before 0.17.1 | cvebase.io