CVE-2021-3148 log

Source
Severity Medium
Remote Yes
Type Arbitrary command execution
Description
An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py.
Group Package Affected Fixed Severity Status Ticket
AVG-1624 salt 2019.2.7-1 3002.5-3 High Fixed
Date Advisory Group Package Severity Type
27 Feb 2021 ASA-202102-33 AVG-1624 salt High multiple issues
References
https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/