Saltstack · Saltstack · CVE-2021-33226
**Name of the Vulnerable Software and Affected Versions**
Saltstack versions 3003 and before
**Description**
The issue allows an attacker to execute arbitrary code via the `func` variable in the salt/salt/modules/status.py file. This is a Buffer Overflow vulnerability. Note that there is a dispute regarding the vulnerability, as some parties claim an attacker cannot influence the eval input.
**Recommendations**
For Saltstack versions 3003 and before, consider disabling the `func` variable in the salt/salt/modules/status.py file as a temporary workaround until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.