GHSA-76x4-x3p6-rpr9

Source

https://github.com/advisories/GHSA-76x4-x3p6-rpr9

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-76x4-x3p6-rpr9/GHSA-76x4-x3p6-rpr9.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-76x4-x3p6-rpr9

Aliases

Published

2022-05-24T17:43:22Z

Modified

2024-10-26T23:02:39.756711Z

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVSS Calculator
8.8 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator

Summary

SaltStack Salt Directory Traversal vulnerability

Details

An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal.

Database specific

{
    "cwe_ids": [
        "CWE-22"
    ],
    "github_reviewed": true,
    "nvd_published_at": "2021-02-27T05:15:00Z",
    "github_reviewed_at": "2024-04-22T21:17:13Z",
    "severity": "HIGH"
}

References

Affected packages

PyPI

salt

Package

Name: salt; View open source insights on deps.dev
Purl: pkg:pypi/salt

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2015.8.13

Affected versions

0.*

0.8.7

0.8.9

0.9.0

0.9.1

0.9.2

0.9.3

0.9.4

0.9.5

0.9.6

0.9.7

0.9.8

0.9.9

0.9.9.1

0.10.0

0.10.1

0.10.2

0.10.3

0.10.4

0.10.5

0.11.0

0.11.1

0.12.0

0.12.1

0.13.0

0.13.1

0.13.2

0.13.3

0.14.0

0.14.1

0.15.0

0.15.1

0.15.2

0.15.3

0.15.90

0.16.0

0.16.1

0.16.2

0.16.3

0.16.4

0.17.0rc1

0.17.0

0.17.1

0.17.2

0.17.3

0.17.4

0.17.5

2014.*

2014.1.0rc1

2014.1.0rc2

2014.1.0rc3

2014.1.0

2014.1.1

2014.1.2

2014.1.3

2014.1.4

2014.1.5

2014.1.6

2014.1.7

2014.1.8

2014.1.9

2014.1.10

2014.1.11

2014.1.12

2014.1.13

2014.7.0rc1

2014.7.0rc2

2014.7.0rc3

2014.7.0rc4

2014.7.0rc5

2014.7.0rc6

2014.7.0rc7

2014.7.0

2014.7.1

2014.7.2

2014.7.3

2014.7.4

2014.7.5

2014.7.6

2014.7.7

2015.*

2015.2.0rc1

2015.2.0rc2

2015.5.0

2015.5.1

2015.5.2

2015.5.3

2015.5.4

2015.5.5

2015.5.6

2015.5.7

2015.5.8

2015.5.9

2015.5.10

2015.5.11

2015.8.0rc1

2015.8.0rc2

2015.8.0rc3

2015.8.0rc4

2015.8.0rc5

2015.8.0

2015.8.1

2015.8.2

2015.8.3

2015.8.4

2015.8.5

2015.8.7

2015.8.8

2015.8.8.2

2015.8.9

2015.8.10

2015.8.11

2015.8.12

salt

Package

Name: salt; View open source insights on deps.dev
Purl: pkg:pypi/salt

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2016.3.0

Fixed

2016.11.5

Affected versions

2016.*

2016.3.0

2016.3.1

2016.3.2

2016.3.3

2016.3.4

2016.3.5

2016.3.6

2016.3.7

2016.3.8

2016.11.0rc1

2016.11.0rc2

2016.11.0

2016.11.1

2016.11.2

2016.11.3

2016.11.4

salt

Package

Name: salt; View open source insights on deps.dev
Purl: pkg:pypi/salt

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2016.11.7

Fixed

2016.11.10

Affected versions

2016.*

2016.11.7

2016.11.8

2016.11.9

salt

Package

Name: salt; View open source insights on deps.dev
Purl: pkg:pypi/salt

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2017.5.0

Fixed

2017.7.8

Affected versions

2017.*

2017.7.0rc1

2017.7.0

2017.7.1

2017.7.2

2017.7.3

2017.7.4

2017.7.5

2017.7.6

2017.7.7

salt

Package

Name: salt; View open source insights on deps.dev
Purl: pkg:pypi/salt

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2018.2.0

Last affected

2018.3.5

Affected versions

2018.*

2018.3.0rc1

2018.3.0

2018.3.1

2018.3.2

2018.3.3

2018.3.4

2018.3.5

salt

Package

Name: salt; View open source insights on deps.dev
Purl: pkg:pypi/salt

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2019.2.0

Fixed

2019.2.8

Affected versions

2019.*

2019.2.0

2019.2.1

2019.2.2

2019.2.3

2019.2.4

2019.2.5

2019.2.6

2019.2.7

salt

Package

Name: salt; View open source insights on deps.dev
Purl: pkg:pypi/salt

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3000

Fixed

3000.7

Affected versions

Other

3000

3000.*

3000.1

3000.2

3000.3

3000.4

3000.5

3000.6

salt

Package

Name: salt; View open source insights on deps.dev
Purl: pkg:pypi/salt

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3001

Fixed

3001.5

Affected versions

Other

3001

3001.*

3001.1

3001.2

3001.3

3001.4

salt

Package

Name: salt; View open source insights on deps.dev
Purl: pkg:pypi/salt

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3002

Fixed

3002.3

Affected versions

Other

3002

3002.*

3002.1

3002.2