CVE-2013-4438

Salt (aka SaltStack) before 0.17.1 allows remote attackers to execute arbitrary YAML code via unspecified vectors. NOTE: the vendor states that this might not be a vulnerability because the YAML to be loaded has already been determined to be safe.

Published: Nov 5, 2013
Updated: Apr 13, 2023
CVE: CVE-2013-4438
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-94

Affected Software
References

Software	From	Fixed in
saltstack / salt	0.8.7	0.8.7.x
saltstack / salt	0.14.0	0.14.0.x
saltstack / salt	0.16.3	0.16.3.x
saltstack / salt	0.8.0	0.8.0.x
saltstack / salt	0.15.1	0.15.1.x
saltstack / salt	0.9.5	0.9.5.x
saltstack / salt	0.9.8	0.9.8.x
saltstack / salt	0.9.7	0.9.7.x
saltstack / salt	0.7.0	0.7.0.x
saltstack / salt	0.9.4	0.9.4.x
saltstack / salt	0.9.9	0.9.9.x
saltstack / salt	0.9.6	0.9.6.x
saltstack / salt	0.8.8	0.8.8.x
saltstack / salt	0.9.2	0.9.2.x
saltstack / salt	0.10.5	0.10.5.x
saltstack / salt	0.10.4	0.10.4.x
saltstack / salt	0.16.2	0.16.2.x
saltstack / salt	0.9.3	0.9.3.x
saltstack / salt	0.11.0	0.11.0.x
saltstack / salt	0.10.2	0.10.2.x
saltstack / salt	0.16.4	0.16.4.x
saltstack / salt	0.15.0	0.15.0.x
saltstack / salt	0.13.0	0.13.0.x
saltstack / salt	0.8.9	0.8.9.x
saltstack / salt	0.16.0	0.16.0.x
saltstack / salt	0.12.0	0.12.0.x
saltstack / salt	0.10.0	0.10.0.x
saltstack / salt	0.6.0	0.6.0.x
saltstack / salt	0.9.0	0.9.0.x
saltstack / salt	0.10.3	0.10.3.x
saltstack / salt	-	0.17.0.x

Vulnerability Database

289,697

CVE-2013-4438