VYPR
High severity7.8NVD Advisory· Published Apr 23, 2021· Updated Jun 17, 2026

CVE-2021-31607

CVE-2021-31607

Description

In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff function (which executes popen unsafely).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
saltPyPI
>= 2016.11.0, < 3003rc13003rc1

Affected products

105

Patches

Vulnerability mechanics

References

20

News mentions

0

No linked articles in our index yet.