VYPR
Critical severityCISA KEVNVD Advisory· Published Nov 6, 2020· Updated Oct 21, 2025

CVE-2020-16846

CVE-2020-16846

Description

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
saltPyPI
< 2015.8.132015.8.13
saltPyPI
>= 2016.3.0, < 2016.3.82016.3.8
saltPyPI
>= 2016.11.0, < 2016.11.102016.11.10
saltPyPI
>= 2017.5.0, < 2017.7.82017.7.8
saltPyPI
>= 2018.2.0, < 2018.3.52018.3.5
saltPyPI
>= 2019.2.0, < 2019.2.62019.2.6
saltPyPI
>= 3000.0, < 3000.43000.4
saltPyPI
>= 3001, < 3001.23001.2
saltPyPI
>= 3002, < 3002.13002.1

Affected products

64

Patches

Vulnerability mechanics

References

30

News mentions

0

No linked articles in our index yet.