mirror of
https://github.com/gobysec/GobyVuls.git
synced 2025-05-06 10:41:40 +00:00
CVE-2020-16846 SaltStack RCE Vulnerability
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.
Affected version: SaltStack Salt < 3002
FOFA query rule: header="application/json" && header="CherryPy" && body="clients"
Demo
