CVE-2021-25282

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-25282
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-25282.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-25282
Aliases
Downstream
Related
Published
2021-02-27T05:15:13.910Z
Modified
2026-04-10T04:31:10.662738Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal.

References

Affected packages

Git / github.com/saltstack/salt

Affected ranges

Type
GIT
Repo
https://github.com/saltstack/salt
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
c3d2c4eaaef3f26e58d2f676c7456987af866155
Introduced
aaa6f7d80a61637353c9af1229d2754df52ee482
Fixed
e8309a6bbf12b8b803fdbd410e21b8b03d8b5264
Introduced
11acecc43e2c2e4e9a0e73d76b46b035afe8d538
Fixed
7d79ea784414fc73afc85086ce912fda83f3497d
Introduced
a04ab86da15215c01610183e60f4a2af6131f475
Fixed
24c4ae9c2148a0f48e4f28c848a5011e18b57b7a
Introduced
11d176ff1b3c72a529a641c780de6bf70b792253
Fixed
8cf08bd7be0110f965ca768b2e590f68e6b0a519
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
40f72db53e2b22e7ef88e1e150caedfdf10772f1
Introduced
e5cd6086a75818885f2bd5bee3d7da3b2c07b110
Fixed
a10f0146a42338e04a4e2d8066f1ee99571c9fbd
Introduced
d15dce349611a970fff8d3ffb462ef95ce7b2360
Fixed
302776b03c38514667e2292ef3553b6442ee776d
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
d520f9acc16ac5df744c08fe5153164876c1c9ee
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
2765a4d2b9205ffd2af167882953f55ebf9f0214
Introduced
0ca04ffbebb9daeb8469a6e80d868b8a6524bd99
Fixed
5da2de946d243b538926f4992a1ee9a9d865e62d
Introduced
d792c0ef3a2c253e7928e2bd55ef77fbf7144d0b
Fixed
56d1cab54def97b417f66aadf724eaffc3ee86a9
Introduced
9adc2214c3bb7c68f820f7bd5fe5e132b7b3fbc9
Fixed
c77785846af50970f4d6c69234d1a9d2a4e0020b
Introduced
b95213ec903402f25c1e0aeb3990fe8452ab63ce
Fixed
8e94b352cc183aee9118e03a52e6eebb89469557
Introduced
998c382f5f2c3b4cbf7d96aa6913ada6993909b3
Fixed
53efaab6403a751e6e74dcf53e8c6d5be05b0515
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2015.8.10"
        },
        {
            "introduced": "2015.8.11"
        },
        {
            "fixed": "2015.8.13"
        },
        {
            "introduced": "2016.3.0"
        },
        {
            "fixed": "2016.3.4"
        },
        {
            "introduced": "2016.3.5"
        },
        {
            "fixed": "2016.3.6"
        },
        {
            "introduced": "2016.3.7"
        },
        {
            "fixed": "2016.3.8"
        },
        {
            "introduced": "2016.3.9"
        },
        {
            "fixed": "2016.11.3"
        },
        {
            "introduced": "2016.11.4"
        },
        {
            "fixed": "2016.11.5"
        },
        {
            "introduced": "2016.11.7"
        },
        {
            "fixed": "2016.11.10"
        },
        {
            "introduced": "2017.5.0"
        },
        {
            "fixed": "2017.7.8"
        },
        {
            "introduced": "2018.2.0"
        },
        {
            "last_affected": "2018.3.5"
        },
        {
            "introduced": "2019.2.0"
        },
        {
            "fixed": "2019.2.5"
        },
        {
            "introduced": "2019.2.6"
        },
        {
            "fixed": "2019.2.8"
        },
        {
            "introduced": "3000"
        },
        {
            "fixed": "3000.6"
        },
        {
            "introduced": "3001"
        },
        {
            "fixed": "3001.4"
        },
        {
            "introduced": "3002"
        },
        {
            "fixed": "3002.5"
        }
    ]
}

Affected versions

v0.*
v0.10.0
v0.10.1
v0.10.2
v0.10.3
v0.10.4
v0.10.5
v0.11.0
v0.12.0
v0.13.0
v0.14.0
v0.15.0
v0.16
v0.17
v0.6.0
v0.7.0
v0.8.0
v0.8.7
v0.8.9
v0.9.0
v0.9.1
v0.9.2
v0.9.3
v0.9.9
v2014.*
v2014.1
v2014.7
v2015.*
v2015.2
v2015.5
v2015.8
v2015.8.0
v2015.8.0rc1
v2015.8.0rc2
v2015.8.0rc3
v2015.8.0rc4
v2015.8.0rc5
v2015.8.1
v2015.8.11
v2015.8.12
v2015.8.2
v2015.8.3
v2015.8.4
v2015.8.8
v2015.8.9
v2016.*
v2016.11
v2016.11.0
v2016.11.0rc1
v2016.11.0rc2
v2016.11.1
v2016.11.2
v2016.11.4
v2016.11.5
v2016.11.6
v2016.11.9
v2016.3
v2016.3.0
v2016.3.1
v2016.3.2
v2016.3.3
v2016.3.5
v2016.3.7
v2016.9
v2017.*
v2017.5
v2017.7
v2017.7.0
v2017.7.0rc1
v2018.*
v2018.11
v2018.2
v2018.3
v2018.3.4
v2018.3.5
v2018.3.5_docs
v2019.*
v2019.2
v2019.2.1
v2019.2.1rc1
v2019.2.2
v2019.2.3
v2019.2.3_docs
v2019.2.4
v2019.2.4_docs
v2019.2.6
v2019.2.7
v3000.*
v3000.1
v3000.2
v3000.2_docs
v3000.3
v3000.4
v3000.5
Other
v3000_docs
v3001
v3002
v3001.*
v3001.1
v3001.2
v3001.3
v3002.*
v3002.2
v3002.3
v3002.4

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "32"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "33"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "34"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "11.0"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-25282.json"