PyPi: Salt

CVE-2021-29921

Transitive

Safety vulnerability ID: 41921

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at May 06, 2021
Updated at Apr 30, 2024

Advisory

Salt 3003.2 updates its dependency "ipaddress" to 3.9.5 to include security fixes.

Affected package

salt

Latest version: 3007.0

Portable, distributed, remote execution and configuration management system

Affected versions

Fixed versions

Vulnerability changelog

========================

Fixed
-----

- Periodically restart the fileserver update process to avoid leaks (50313)
- Add ssh_timeout to kwargs in deploy_script (59901)
- Update the external ipaddress to the latest 3.9.5 version which has some security fixes. Updating the compat.p to use the vendored version if the python version is below 3.9.5 and only run the test_ipaddress.py tests if below 3.9.5. (60168)
- Use the right crypto library for salt.utils.crypt.reinit_crypto (60215)
- Stop SSH from hanging if connection is lost. Also added args to customize grace period. (60216)
- Improve reliability of Terminal class (60504)
- Ignore configuration for 'enable_fqdns_grains' for AIX, Solaris and Juniper, assume False (60529)

Severity Details

CVSS Base Score

CRITICAL 9.8

CVSS v3 Details

CRITICAL 9.8
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): HIGH
Integrity Impact (I): HIGH
Availability Impact (A): HIGH

CVSS v2 Details

HIGH 7.5
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (Au): NONE
Confidentiality Impact (C): PARTIAL
Integrity Impact (I): PARTIAL
Availability Impact (A): PARTIAL