CVE-2013-4438
published 2013-11-05CVE-2013-4438: Salt (aka SaltStack) before 0.17.1 allows remote attackers to execute arbitrary YAML code via unspecified vectors. NOTE: the vendor states that this might not…
PriorityP345high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
2.10%
79.4th percentile
Salt (aka SaltStack) before 0.17.1 allows remote attackers to execute arbitrary YAML code via unspecified vectors. NOTE: the vendor states that this might not be a vulnerability because the YAML to be loaded has already been determined to be safe.
Affected
32 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| saltstack | salt | <= 0.17.0 | — |
| saltstack | salt | — | — |
| saltstack | salt | — | — |
| saltstack | salt | — | — |
| saltstack | salt | — | — |
| saltstack | salt | — | — |
| saltstack | salt | — | — |
| saltstack | salt | — | — |
| saltstack | salt | — | — |
| saltstack | salt | — | — |
| saltstack | salt | — | — |
| saltstack | salt | — | — |
| saltstack | salt | — | — |
| saltstack | salt | — | — |
| saltstack | salt | — | — |
| saltstack | salt | — | — |
| saltstack | salt | — | — |
| saltstack | salt | — | — |
| saltstack | salt | — | — |
| saltstack | salt | — | — |
| saltstack | salt | — | — |
| saltstack | salt | — | — |
| saltstack | salt | — | — |
| saltstack | salt | — | — |
| saltstack | salt | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-j8fm-j268-rq9p: Salt (aka SaltStack) before 0
ghsa_unreviewed·2022-05-17
CVE-2013-4438 [HIGH] CWE-94 GHSA-j8fm-j268-rq9p: Salt (aka SaltStack) before 0
Salt (aka SaltStack) before 0.17.1 allows remote attackers to execute arbitrary YAML code via unspecified vectors. NOTE: the vendor states that this might not be a vulnerability because the YAML to be loaded has already been determined to be safe.
OSV
CVE-2013-4438: Salt (aka SaltStack) before 0
osv·2013-11-05
CVE-2013-4438 CVE-2013-4438: Salt (aka SaltStack) before 0
Salt (aka SaltStack) before 0.17.1 allows remote attackers to execute arbitrary YAML code via unspecified vectors. NOTE: the vendor states that this might not be a vulnerability because the YAML to be loaded has already been determined to be safe.
No detection rules found.
No public exploits indexed.
2013-11-05
Published