CVE-2013-4438

SaltStack Salt < 0.17.1 - Remote Code Execution via YAML Deserialization


Description

Salt (aka SaltStack) before 0.17.1 allows remote attackers to execute arbitrary YAML code via unspecified vectors. NOTE: the vendor states that this might not be a vulnerability because the YAML to be loaded has already been determined to be safe.

References (2)

Core References
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/10/18/3
Patch, Vendor Advisory x_refsource_confirm
http://docs.saltstack.com/topics/releases/0.17.1.html

Scores

EPSS 0.0210
EPSS Percentile 79.4%

Details

CWE
CWE-94
Status published
Products (31)
saltstack/salt 0.6.0
saltstack/salt 0.7.0
saltstack/salt 0.8.0
saltstack/salt 0.8.7
saltstack/salt 0.8.8
saltstack/salt 0.8.9
saltstack/salt 0.9.0
saltstack/salt 0.9.2
saltstack/salt 0.9.3
saltstack/salt 0.9.4
... and 21 more
Published Nov 05, 2013
Tracked Since Feb 18, 2026