{"id":"PYSEC-2013-12","details":"Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine.","aliases":["CVE-2013-4435","GHSA-v89f-4mc4-h6w9"],"modified":"2024-05-01T11:41:45.281474Z","published":"2013-11-05T18:55:00Z","references":[{"type":"WEB","url":"http://docs.saltstack.com/topics/releases/0.17.1.html"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2013/10/18/3"}],"affected":[{"package":{"name":"salt","ecosystem":"PyPI","purl":"pkg:pypi/salt"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0.15.0"},{"fixed":"0.17.1"}]}],"versions":["0.15.0","0.15.1","0.15.2","0.15.3","0.15.90","0.16.0","0.16.1","0.16.2","0.16.3","0.16.4","0.17.0","0.17.0rc1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/salt/PYSEC-2013-12.yaml"}}],"schema_version":"1.7.3"}