{"id":"PYSEC-2016-23","details":"Salt 2015.8.x before 2015.8.4 does not properly handle clear messages on the minion, which allows man-in-the-middle attackers to execute arbitrary code by inserting packets into the minion-master data stream.","aliases":["CVE-2016-1866","GHSA-vqh4-crjf-jjxx"],"modified":"2023-11-08T03:58:22.995194Z","published":"2016-04-12T14:59:00Z","references":[{"type":"WEB","url":"http://lists.opensuse.org/opensuse-updates/2016-03/msg00034.html"},{"type":"WEB","url":"https://docs.saltstack.com/en/latest/topics/releases/2015.8.4.html"}],"affected":[{"package":{"name":"salt","ecosystem":"PyPI","purl":"pkg:pypi/salt"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2015.8"},{"fixed":"2015.8.4"}]}],"versions":["2015.8.0","2015.8.1","2015.8.2","2015.8.3"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/salt/PYSEC-2016-23.yaml"}}],"schema_version":"1.7.3"}