PYSEC-2016-23

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/salt/PYSEC-2016-23.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2016-23

Aliases

CVE-2016-1866
GHSA-vqh4-crjf-jjxx

Published

2016-04-12T14:59:00Z

Modified

2023-11-08T03:58:22.995194Z

Summary

[none]

Details

Salt 2015.8.x before 2015.8.4 does not properly handle clear messages on the minion, which allows man-in-the-middle attackers to execute arbitrary code by inserting packets into the minion-master data stream.

References

http://lists.opensuse.org/opensuse-updates/2016-03/msg00034.html
https://docs.saltstack.com/en/latest/topics/releases/2015.8.4.html

Affected packages

PyPI / salt

Package

Name: salt; View open source insights on deps.dev
Purl: pkg:pypi/salt

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2015.8

Fixed

2015.8.4

Affected versions

2015.*

2015.8.0

2015.8.1

2015.8.2

2015.8.3