CVE-2013-4438
SaltStack Salt < 0.17.1 - Remote Code Execution via YAML Deserialization
Title source: llmDescription
Salt (aka SaltStack) before 0.17.1 allows remote attackers to execute arbitrary YAML code via unspecified vectors. NOTE: the vendor states that this might not be a vulnerability because the YAML to be loaded has already been determined to be safe.
References (2)
Core References (2)
Mailing List (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2013/10/18/3
Patch, Vendor Advisory (x_refsource_confirm): http://docs.saltstack.com/topics/releases/0.17.1.html
Scores
EPSS: 0.0210
EPSS Percentile: 79.4%
Details
CWE: CWE-94
Status: published
Products (31)
saltstack/salt: 0.6.0, 0.7.0, 0.8.0, 0.8.7, 0.8.8, 0.8.9, 0.9.0, 0.9.2, 0.9.3, 0.9.4
... and 21 more
Published: Nov 05, 2013
Tracked Since: Feb 18, 2026