CVE-2021-3148 - log

CVE-2021-3148 edited at 27 Feb 2021 09:14:28
Description
- A security issue was found in SaltStack before versions 3002.5, 3001.6 and 3000.8. Via the SaltAPI a command is constructed from a formatted string and can be truncated if there are single quotes in extra_mods, since json.dumps() escapes double quotes while leaving the single quotes untouched. This could lead to a possible command injection in salt.utils.thin.gen_thin().
+ An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py.
CVE-2021-3148 edited at 26 Feb 2021 13:27:22
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary command execution
Description
+ A security issue was found in SaltStack before versions 3002.5, 3001.6 and 3000.8. Via the SaltAPI a command is constructed from a formatted string and can be truncated if there are single quotes in extra_mods, since json.dumps() escapes double quotes while leaving the single quotes untouched. This could lead to a possible command injection in salt.utils.thin.gen_thin().
References
+ https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
Notes
CVE-2021-3148 created at 26 Feb 2021 13:09:24