An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and source_hash URLs can gain full file system access as root on a salt minion.
{ "nvd_published_at": "2021-09-08T15:15:00Z", "cwe_ids": [ "CWE-668" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2022-07-05T22:05:39Z" }