Launchpad.net

CVE 2020-16846

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.

See the CVE page on Mitre.org for more details.