salt@3007.5 vulnerabilities

Portable, distributed, remote execution and configuration management system

Direct Vulnerabilities

Known vulnerabilities in the salt package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability | Vulnerable Version

  • [M] Improper Certificate Validation

salt is a new approach to infrastructure management built on a dynamic communication bus. Salt can be used for data-driven orchestration, remote execution for any infrastructure, configuration management for any app stack, and much more.

Affected versions of this package are vulnerable to Improper Certificate Validation due to improper authentication in the salt.auth.pki module. An attacker can gain unauthorized access by providing only a public certificate in the password field, which is accepted without requiring the corresponding private key.

How to fix Improper Certificate Validation?

A fix was pushed into the master branch but not yet published.

Vulnerable versions: [0,)

  • [H] Buffer Overflow

Affected versions of this package are vulnerable to Buffer Overflow via the status function.

How to fix Buffer Overflow?

There is no fixed version for salt.

Vulnerable versions: [0,)