Buffer Overflow vulnerability in Saltstack v.3003 and before allows attacker to execute arbitrary code via the func variable in salt/salt/modules/status.py file. NOTE: this is disputed by third parties because an attacker cannot influence the eval input
{
"source": "CPE_RANGE",
"cpe": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "3003"
}
]
}