pkg:PyPI/salt

所有已知漏洞

• CRITICAL9.8CVE-2020-16846⚠ KEVsalt - security update
  from 0, < 2015.8.13
• CRITICAL9.8CVE-2020-16846⚠ KEVsalt - security update
  from 0, < 2015.8.10, >= 2015.8.11, < 2015.8.13, >= 2016.3.0, < 2016.3.4, >= 2016.3.5, < 2016.3.6, >= 2016.3.7, < 2016.3.8, >= 2016.11.0, < 2016.11.3, >= 2016.11.4, < 2016.11.6, >= 2016.11.7, < 2016.11.10, >= 2017.7.0, < 2017.7.4, >= 2017.7.5, < 2017.7.8, >= 2018.3.0rc1, < 2018.3.5, >= 2019.2.0, < 2019.2.5, >= 3000, < 3000.3
• CRITICAL9.8CVE-2020-11651⚠ KEVsalt - security update
  from 0, < 2019.2.4
• CRITICAL9.8CVE-2020-11651⚠ KEVsalt - security update
  from 0, < 2019.2.4, >= 3000, < 3000.2
• MEDIUM6.5CVE-2020-11652⚠ KEVSaltStack Salt is vulnerable Arbitrary Directory Access
  from 0, < 2019.2.4, >= 3000, < 3000.2
• MEDIUM6.5CVE-2020-11652⚠ KEVSaltStack Salt is vulnerable Arbitrary Directory Access
  from 0, < 2019.2.4
• CRITICAL9.8CVE-2021-3197SaltStack Salt is vulnerable to shell injection via ProxyCommand argument
  from 0, < 2015.8.13
• CRITICAL9.8CVE-2021-3148SaltStack Salt command injection in the Salt-API when using the Salt-SSH client
  from 0, < 2015.8.10, >= 2015.8.11, < 2015.8.13, >= 2016.3.0, < 2016.3.4, >= 2016.3.5, < 2016.3.6, >= 2016.3.7, < 2016.3.8, >= 2016.11.0, < 2016.11.3, >= 2016.11.4, < 2016.11.5, >= 2016.11.7, < 2016.11.10, >= 2017.7.0, < 2017.7.8, >= 2018.3.0rc1, < 2019.2.0rc1, >= 2019.2.0, < 2019.2.5, >= 2019.2.6, < 2019.2.8, >= 3000, < 3000.6, >= 3001, < 3001.4, >= 3002, < 3002.5
• CRITICAL9.8CVE-2021-3148SaltStack Salt command injection in the Salt-API when using the Salt-SSH client
  from 0, < 2015.8.13
• CRITICAL9.8CVE-2021-3197SaltStack Salt is vulnerable to shell injection via ProxyCommand argument
  from 0, < 2015.8.10, >= 2015.8.11, < 2015.8.13, >= 2016.3.0, < 2016.3.4, >= 2016.3.5, < 2016.3.6, >= 2016.3.7, < 2016.3.8, >= 2016.11.0, < 2016.11.3, >= 2016.11.4, < 2016.11.5, >= 2016.11.7, < 2016.11.10, >= 2017.7.0, < 2017.7.8, >= 2018.3.0rc1, < 2019.2.0rc1, >= 2019.2.0, < 2019.2.5, >= 2019.2.6, < 2019.2.8, >= 3000, < 3000.6, >= 3001, < 3001.4, >= 3002, < 3002.5
• CRITICAL9.8CVE-2021-25283SaltStack Salt Server Side Template Injection
  from 0, < 2015.8.10, >= 2015.8.11, < 2015.8.13, >= 2016.3.0, < 2016.3.4, >= 2016.3.5, < 2016.3.6, >= 2016.3.7, < 2016.3.8, >= 2016.11.0, < 2016.11.3, >= 2016.11.4, < 2016.11.5, >= 2016.11.7, < 2016.11.10, >= 2017.7.0, < 2017.7.8, >= 2018.3.0rc1, < 2019.2.0rc1, >= 2019.2.0, < 2019.2.5, >= 2019.2.6, < 2019.2.8, >= 3000, < 3000.6, >= 3001, < 3001.4, >= 3002, < 3002.5
• CRITICAL9.8CVE-2021-25281SaltStack Salt Improper Authentication vulnerability
  from 0, < 2015.8.13
• CRITICAL9.8CVE-2021-25283SaltStack Salt Server Side Template Injection
  from 0, < 2015.8.13
• CRITICAL9.8CVE-2021-25281SaltStack Salt Improper Authentication vulnerability
  from 0, < 2015.8.10, >= 2015.8.11, < 2015.8.13, >= 2016.3.0, < 2016.3.4, >= 2016.3.5, < 2016.3.6, >= 2016.3.7, < 2016.3.8, >= 2016.11.0, < 2016.11.3, >= 2016.11.4, < 2016.11.5, >= 2016.11.7, < 2016.11.10, >= 2017.7.0, < 2017.7.8, >= 2018.3.0rc1, < 2019.2.0rc1, >= 2019.2.0, < 2019.2.5, >= 2019.2.6, < 2019.2.8, >= 3000, < 3000.6, >= 3001, < 3001.4, >= 3002, < 3002.5
• CRITICAL9.8CVE-2020-25592SaltStack Salt Improper Validation of eauth credentials and tokens in salt-netapi
  from 0, < 2015.8.13
• CRITICAL9.8CVE-2020-25592SaltStack Salt Improper Validation of eauth credentials and tokens in salt-netapi
  from 0, < 2015.8.10, >= 2015.8.11, < 2015.8.13, >= 2016.3.0, < 2016.3.4, >= 2016.3.5, < 2016.3.6, >= 2016.3.7, < 2016.3.8, >= 2016.11.0, < 2016.11.3, >= 2016.11.4, < 2016.11.6, >= 2016.11.7, < 2016.11.10, >= 2017.7.0, < 2017.7.4, >= 2017.7.5, < 2017.7.8, >= 2018.3.0rc1, < 2018.3.5, >= 2019.2.0, < 2019.2.5, >= 3000, < 3000.3
• CRITICAL9.8CVE-2019-17361salt - security update
  from 0, < 2019.2.3
• CRITICAL9.8CVE-2019-17361salt - security update
  from 0, < 2019.2.1
• CRITICAL9.8CVE-2019-1010259SaltStack Salt SQL Injection vulnerability in mysql.user_chpass function
  from 0, < 2018.3.4
• CRITICAL9.8CVE-2019-1010259SaltStack Salt SQL Injection vulnerability in mysql.user_chpass function
  >= 2018.3.0, < 2018.3.4
• CRITICAL9.8CVE-2015-6941salt password information leaked in debug logs
  from 0, < c0689e32154c41f59840ae10ffc5fbfa30618710 | >= 2015.5, < 2015.5.6, >= 2015.8, < 2015.8.1
• CRITICAL9.8CVE-2015-6941salt password information leaked in debug logs
  >= 2015.5, < 2015.5.6
• CRITICAL9.8CVE-2017-12791SaltStack Salt Directory traversal vulnerability in minion id validation
  from 0, < 2016.11.7, >= 2017.7, < 2017.7.1
• CRITICAL9.8CVE-2017-12791SaltStack Salt Directory traversal vulnerability in minion id validation
• CRITICAL9.8CVE-2017-12791SaltStack Salt Directory traversal vulnerability in minion id validation
  from 0, < 2016.11.7
• CRITICAL9.8CVE-2017-14695SaltStack Salt Directory traversal vulnerability in minion id validation
  from 0, < 2016.3.8
• CRITICAL9.8CVE-2017-14695SaltStack Salt Directory traversal vulnerability in minion id validation
  from 0, < 80d90307b07b3703428ecbb7c8bb468e28a9ae6d | from 0, < 2016.3.8, >= 2016.11, < 2016.11.8, >= 2017.7, < 2017.7.2
• CRITICAL9.8CVE-2017-7893SaltStack Salt allows compromised salt-minions to impersonate the salt-master
  from 0, < 2016.3.6
• CRITICAL9.8CVE-2017-7893SaltStack Salt allows compromised salt-minions to impersonate the salt-master
  from 0, < 2016.3.6
• CRITICAL9.8CVE-2018-15751SaltStack Salt Remote command execution and incorrect access control when using salt-api
  >= 2017.7.0, < 2017.7.8
• CRITICAL9.8CVE-2018-15751SaltStack Salt Remote command execution and incorrect access control when using salt-api
  >= 2018.3.0, < 2018.3.3, from 0, < 2017.7.8
• CRITICAL9.6CVE-2024-38824Salt vulnerable to directory traversal attack in file receiving method
  >= 3007.0rc1, < 3007.4
• CRITICAL9.1CVE-2021-3144SaltStack Salt eauth tokens can be used once after expiration
  from 0, < 2015.8.10, >= 2015.8.11, < 2015.8.13, >= 2016.3.0, < 2016.3.4, >= 2016.3.5, < 2016.3.6, >= 2016.3.7, < 2016.3.8, >= 2016.11.0, < 2016.11.3, >= 2016.11.4, < 2016.11.5, >= 2016.11.7, < 2016.11.10, >= 2017.7.0, < 2017.7.8, >= 2018.3.0rc1, < 2019.2.0rc1, >= 2019.2.0, < 2019.2.5, >= 2019.2.6, < 2019.2.8, >= 3000, < 3000.6, >= 3001, < 3001.4, >= 3002, < 3002.5
• CRITICAL9.1CVE-2021-3144SaltStack Salt eauth tokens can be used once after expiration
  from 0, < 2015.8.13
• CRITICAL9.1CVE-2021-25282SaltStack Salt Directory Traversal vulnerability
  from 0, < 2015.8.10, >= 2015.8.11, < 2015.8.13, >= 2016.3.0, < 2016.3.4, >= 2016.3.5, < 2016.3.6, >= 2016.3.7, < 2016.3.8, >= 2016.11.0, < 2016.11.3, >= 2016.11.4, < 2016.11.5, >= 2016.11.7, < 2016.11.10, >= 2017.7.0, < 2017.7.8, >= 2018.3.0rc1, < 2019.2.0rc1, >= 2019.2.0, < 2019.2.5, >= 2019.2.6, < 2019.2.8, >= 3000, < 3000.6, >= 3001, < 3001.4, >= 3002, < 3002.5
• CRITICAL9.1CVE-2021-25282SaltStack Salt Directory Traversal vulnerability
  from 0, < 2015.8.13
• CRITICAL9.1CVE-2016-9639Salt allows deleted minions to read or write to minions with the same id
  from 0, < 2015.8.11
• CRITICAL9.1CVE-2016-9639Salt allows deleted minions to read or write to minions with the same id
  from 0, < 2015.8.11
• HIGH8.8CVE-2013-4435Salt has insufficient argument validation in several modules
  >= 0.15.0, < 0.17.1
• HIGH8.8CVE-2013-4435Salt has insufficient argument validation in several modules
  >= 0.15.0, < 0.17.1
• HIGH8.8CVE-2017-5192SaltStack Salt Authentication Bypass when using the local_batch client from salt-api
  from 0, < 2015.8.13, >= 2016.3, < 2016.3.5, >= 2016.11, < 2016.11.2
• HIGH8.8CVE-2017-5192SaltStack Salt Authentication Bypass when using the local_batch client from salt-api
  from 0, < 2015.8.13
• HIGH8.8CVE-2017-5200SaltStack Salt arbitrary command execution in Salt-api via ssh_client
  from 0, < 2015.8.13
• HIGH8.8CVE-2017-5200SaltStack Salt arbitrary command execution in Salt-api via ssh_client
  from 0, < 2015.8.13, >= 2016.3, < 2016.3.5, >= 2016.11, < 2016.11.2
• HIGH8.8CVE-2022-22936SaltStack Salt Authentication Bypass by Capture-replay
  from 0, < 3002.8
• HIGH8.8CVE-2022-22934SaltStack Improper Verification of Cryptographic Signature
  from 0, < 3002.8
• HIGH8.8CVE-2022-22934SaltStack Improper Verification of Cryptographic Signature
  from 0, < 3002.8
• HIGH8.8CVE-2022-22936SaltStack Salt Authentication Bypass by Capture-replay
  from 0, < 3002.8
• HIGH8.8CVE-2022-22941SaltStack Salt Permissions Bypass
  from 0, < 3002.8
• HIGH8.8CVE-2022-22941SaltStack Salt Permissions Bypass
  from 0, < 3002.8
• HIGH8.1CVE-2025-22236Salt has minion event bus authorization bypass vulnerability
  >= 3007.0, < 3007.4
• HIGH8.1CVE-2025-22239Salt vulnerable to arbitrary event injection
  >= 3006.0rc1, < 3006.12
• HIGH8.1CVE-2016-1866Salt Improper Access Control
  >= 2015.8, < 2015.8.4
• HIGH8.1CVE-2016-1866Salt Improper Access Control
  >= 2015.8.0rc1, < 2015.8.4
• HIGH8.1CVE-2013-2228SaltStack RSA Key Generation allows remote users to decrypt communications
  from 0, < 0.15.1
• HIGH7.8CVE-2025-62348Salt junos Module Vulnerable to Code Injection via Specially Crafted YAML Payload
  from 0, < 3006.17
• HIGH7.8CVE-2021-31607Command Injection in SaltStack Salt
  >= 2016.11.0, < 3003rc1
• HIGH7.8CVE-2021-31607Command Injection in SaltStack Salt
  >= 2016.11.0, < 3003rc1
• HIGH7.8CVE-2021-25315Saltstack Salt Unauthenticated Arbitrary Code Execution
  from 0, < 3002.2
• HIGH7.8CVE-2021-25315Saltstack Salt Unauthenticated Arbitrary Code Execution
  from 0, < 3002.2
• HIGH7.8CVE-2020-28243salt - security update
  from 0, < 2015.8.10, >= 2015.8.11, < 2015.8.13, >= 2016.3.0, < 2016.3.4, >= 2016.3.5, < 2016.3.6, >= 2016.3.7, < 2016.3.8, >= 2016.11.0, < 2016.11.3, >= 2016.11.4, < 2016.11.5, >= 2016.11.7, < 2016.11.10, >= 2017.7.0, < 2017.7.8, >= 2018.3.0rc1, < 2019.2.0rc1, >= 2019.2.0, < 2019.2.5, >= 2019.2.6, < 2019.2.8, >= 3000, < 3000.6, >= 3001, < 3001.4, >= 3002, < 3002.5
• HIGH7.8CVE-2020-28243salt - security update
  from 0, < 2015.8.13
• HIGH7.8CVE-2017-8109SaltStack Salt Information Exposure
  >= 2016.11, < 2016.11.4
• HIGH7.8CVE-2017-8109SaltStack Salt Information Exposure
  >= 2016.11, < 2016.11.4
• HIGH7.7CVE-2024-22232Path traversal in saltstack
  from 0, < 3005.5
• HIGH7.5CVE-2022-22967Salt's PAM auth fails to reject locked accounts
  from 0, < 3002.9
• HIGH7.5CVE-2022-22967Salt's PAM auth fails to reject locked accounts
  from 0, < 3002.9
• HIGH7.5CVE-2013-6617SaltStack Privilege Escalation vulnerability
  >= 0.11.0, < 0.17.1
• HIGH7.5CVE-2013-6617SaltStack Privilege Escalation vulnerability
  >= 0.11.0, < 0.17.1
• HIGH7.5CVE-2013-4436SaltStack MITM SSH attack in salt-ssh
  >= 0.17.0, < 0.17.1
• HIGH7.5CVE-2013-4436SaltStack MITM SSH attack in salt-ssh
  >= 0.17.0, < 0.17.1
• HIGH7.5CVE-2017-14696SaltStack Salt Denial of Service via a crafted authentication request
  from 0, < 5f8b5e1a0f23fe0f2be5b3c3e04199b57a53db5b | from 0, < 2016.3.8, >= 2016.11, < 2016.11.8, >= 2017.7, < 2017.7.2
• HIGH7.5CVE-2017-14696SaltStack Salt Denial of Service via a crafted authentication request
  from 0, < 2016.3.8
• HIGH7.5CVE-2015-4017Salt vulnerable to Improper Certificate Validation
  from 0, < 2014.7.6
• HIGH7.5CVE-2015-4017Salt vulnerable to Improper Certificate Validation
  from 0, < 2014.7.6
• HIGH7.5CVE-2021-21996salt - security update
  from 0, < 3003.3
• HIGH7.5CVE-2021-21996salt - security update
  from 0, < 3003.3
• HIGH7.4CVE-2020-35662SaltStack Salt Improper SSL Certificate Validation
  from 0, < 2015.8.10, >= 2015.8.11, < 2015.8.13, >= 2016.3.0, < 2016.3.4, >= 2016.3.5, < 2016.3.6, >= 2016.3.7, < 2016.3.8, >= 2016.11.0, < 2016.11.3, >= 2016.11.4, < 2016.11.5, >= 2016.11.7, < 2016.11.10, >= 2017.7.0, < 2017.7.8, >= 2018.3.0rc1, < 2019.2.0rc1, >= 2019.2.0, < 2019.2.5, >= 2019.2.6, < 2019.2.8, >= 3000, < 3000.6, >= 3001, < 3001.4, >= 3002, < 3002.5
• HIGH7.4CVE-2020-35662SaltStack Salt Improper SSL Certificate Validation
  from 0, < 2015.8.13
• MEDIUM6.7CVE-2025-22237Salt's on demand pillar functionality vulnerable to arbitrary command injections
  >= 3006.0rc1, < 3006.12
• MEDIUM6.7CVE-2023-34049Salt preflight script could be attacker controlled
  from 0, < 3005.4
• MEDIUM6.5CVE-2013-4439Minion identity not validated in saltstack
  >= 0.15.0, < 0.17.1
• MEDIUM6.5CVE-2013-4439Minion identity not validated in saltstack
  from 0, < 0.17.1
• MEDIUM6.4CVE-2024-38825Salt's salt.auth.pki module does not properly authenticate callers
  >= 3006.0rc1, < 3006.12
• MEDIUM6.4CVE-2021-22004Improper Authentication in SaltStack Salt
  from 0, < 3003.3
• MEDIUM6.4CVE-2021-22004Improper Authentication in SaltStack Salt
  from 0, < 3003.3
• MEDIUM6.3CVE-2025-22240Salt allows arbitrary directory creation or file deletion
  >= 3007.0rc1, < 3007.4
• MEDIUM6.3CVE-2015-6918salt leaks git usernames and passwords to the log
  from 0, < 28aa9b105804ff433d8f663b2f9b804f2b75495a | from 0, < 2015.5.5
• MEDIUM6.3CVE-2015-6918salt leaks git usernames and passwords to the log
  from 0, < 2015.5.5
• MEDIUM6.2CVE-2025-62349Salt Authentication Protocol Version Downgrade Allows Minion Impersonation
  >= 3006.12, < 3006.17
• MEDIUM5.9CVE-2020-28972SaltStack Salt Improper Certificate Validation
  from 0, < 2015.8.13
• MEDIUM5.9CVE-2020-28972SaltStack Salt Improper Certificate Validation
  from 0, < 2015.8.10, >= 2015.8.11, < 2015.8.13, >= 2016.3.0, < 2016.3.4, >= 2016.3.5, < 2016.3.6, >= 2016.3.7, < 2016.3.8, >= 2016.11.0, < 2016.11.3, >= 2016.11.4, < 2016.11.5, >= 2016.11.7, < 2016.11.10, >= 2017.7.0, < 2017.7.8, >= 2018.3.0rc1, < 2019.2.0rc1, >= 2019.2.0, < 2019.2.5, >= 2019.2.6, < 2019.2.8, >= 3000, < 3000.6, >= 3001, < 3001.4, >= 3002, < 3002.5
• MEDIUM5.6CVE-2025-22242Salt's worker process vulnerable to denial of service through file read operation
  >= 3007.0rc1, < 3007.4
• MEDIUM5.6CVE-2025-22241Salt's file contents overwrite the VirtKey class
  >= 3007.0rc1, < 3007.4
• MEDIUM5.6CVE-2016-3176Salt Insecure configuration of PAM external authentication service
  from 0, < 2015.5.10, >= 2015.8, < 2015.8.8
• MEDIUM5.6CVE-2016-3176Salt Insecure configuration of PAM external authentication service
  from 0, < 2015.5.10
• MEDIUM5.5CVE-2020-17490SaltStack Salt Allows creating certificates with weak file permissions
  from 0, < 2015.8.13
• MEDIUM5.5CVE-2020-17490SaltStack Salt Allows creating certificates with weak file permissions
  from 0, < 2015.8.10, >= 2015.8.11, < 2015.8.13, >= 2016.3.0, < 2016.3.4, >= 2016.3.5, < 2016.3.6, >= 2016.3.7, < 2016.3.8, >= 2016.11.0, < 2016.11.3, >= 2016.11.4, < 2016.11.6, >= 2016.11.7, < 2016.11.10, >= 2017.7.0, < 2017.7.4, >= 2017.7.5, < 2017.7.8, >= 2018.3.0rc1, < 2018.3.5, >= 2019.2.0, < 2019.2.5, >= 3000, < 3000.3
• MEDIUM5.3CVE-2023-20897Salt vulnerable to denial of service
  >= 3006.0, < 3006.2, from 0, < 3005.2
• MEDIUM5.3CVE-2023-20897Salt vulnerable to denial of service
  from 0, < 3005.2
• MEDIUM5.3CVE-2015-1838Salt improper handling of tmp files
  from 0, < e11298d7155e9982749483ca5538e46090caef9c | from 0, < 2014.7.4
• MEDIUM5.3CVE-2015-1838Salt improper handling of tmp files
  from 0, < 2014.7.4
• MEDIUM5.3CVE-2015-1839SaltStack has insecure /tmp file handling in salt/modules/chef.py
  from 0, < 2014.7.4
• MEDIUM5.3CVE-2015-1839SaltStack has insecure /tmp file handling in salt/modules/chef.py
  from 0, < b49d0d4b5ca5c6f31f03e2caf97cef1088eeed81, < 22d2f7a1ec93300c34e8c42d14ec39d51e610b5c | from 0, < 2014.7.4
• MEDIUM5.3CVE-2018-15750salt - security update
  >= 2017.7.0, < 2017.7.8
• MEDIUM5.3CVE-2018-15750salt - security update
  from 0, < 2017.7.8, >= 2018.3.0, < 2018.3.3
• MEDIUM5.0CVE-2024-22231Directory creation by malicious user in saltstack
  from 0, < 3005.5
• MEDIUM4.4CVE-2021-25284SaltStack Salt Cleartext Storage of Sensitive Information via cmdmod
  from 0, < 2015.8.13
• MEDIUM4.4CVE-2021-25284SaltStack Salt Cleartext Storage of Sensitive Information via cmdmod
  from 0, < 2015.8.10, >= 2015.8.11, < 2015.8.13, >= 2016.3.0, < 2016.3.4, >= 2016.3.5, < 2016.3.6, >= 2016.3.7, < 2016.3.8, >= 2016.11.0, < 2016.11.3, >= 2016.11.4, < 2016.11.5, >= 2016.11.7, < 2016.11.10, >= 2017.7.0, < 2017.7.8, >= 2018.3.0rc1, < 2019.2.0rc1, >= 2019.2.0, < 2019.2.5, >= 2019.2.6, < 2019.2.8, >= 3000, < 3000.6, >= 3001, < 3001.4, >= 3002, < 3002.5
• MEDIUM4.2CVE-2025-22238Salt vulnerable to directory traversal attack in minion file cache creation
  >= 3006.0rc1, < 3006.12
• MEDIUM4.2CVE-2023-20898Salt can cause Git Providers to get wrong data
  from 0, < 3005.2
• MEDIUM4.2CVE-2023-20898Salt can cause Git Providers to get wrong data
  >= 3006.0, < 3006.2, from 0, < 3005.2
• LOW3.7CVE-2022-22935SaltStack Salt Improper Authentication via Man in the Middle Attack
  from 0, < 3002.8
• LOW3.7CVE-2022-22935SaltStack Salt Improper Authentication via Man in the Middle Attack
  from 0, < 3002.8
• LOW3.3CVE-2015-8034Salt uses weak permissions on the cache data
  from 0, < 2015.8.3
• LOW3.3CVE-2015-8034Salt uses weak permissions on the cache data
  from 0, < 2015.8.3
• —CVE-2021-33226Buffer Overflow vulnerability in Saltstack v.3003 and before allows attacker to execute arbitrary code via the func variable in salt/salt/m…
  from 0, < 3003.1
• —CVE-2013-4437SaltStack insecurely uses /tmp
  >= 0.17.0, < 0.17.1
• —CVE-2013-4437SaltStack insecurely uses /tmp
  >= 0.17.0, < 0.17.1
• —CVE-2014-3563SaltStack Salt Insecure Temporary File Creation
  from 0, < 2014.1.10
• —CVE-2014-3563SaltStack Salt Insecure Temporary File Creation
  from 0, < 2014.1.10
• —CVE-2013-4438Salt (aka SaltStack) before 0.17.1 allows remote attackers to execute arbitrary YAML code via unspecified vectors.
  from 0, < 0.17.1