{
  "threat_severity" : "Important",
  "public_date" : "2021-02-25T00:00:00Z",
  "bugzilla" : {
    "description" : "salt: Jinja renderer does not protect against server-side template injection attacks",
    "id" : "1933331",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1933331"
  },
  "cvss3" : {
    "cvss3_base_score" : "8.1",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-94",
  "details" : [ "An issue was discovered in through SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks.", "A flaw was found in Salt. The jinja renderer does not protect against server-side template injection attacks. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability." ],
  "statement" : "Salt has been deprecated as of Red Hat Ceph Storage 2.5, as Salt was used to install RHSCON-2 and RHSCON-2 has reached End Of Life.",
  "package_state" : [ {
    "product_name" : "Red Hat Ceph Storage 2",
    "fix_state" : "Will not fix",
    "package_name" : "salt",
    "cpe" : "cpe:/a:redhat:ceph_storage:2"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2021-25283\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-25283" ],
  "name" : "CVE-2021-25283",
  "csaw" : false
}