{"affected":[{"ecosystem_specific":{"binaries":[{"python3-salt":"3002.2-lp152.3.45.1","salt":"3002.2-lp152.3.45.1","salt-api":"3002.2-lp152.3.45.1","salt-bash-completion":"3002.2-lp152.3.45.1","salt-cloud":"3002.2-lp152.3.45.1","salt-doc":"3002.2-lp152.3.45.1","salt-fish-completion":"3002.2-lp152.3.45.1","salt-master":"3002.2-lp152.3.45.1","salt-minion":"3002.2-lp152.3.45.1","salt-proxy":"3002.2-lp152.3.45.1","salt-ssh":"3002.2-lp152.3.45.1","salt-standalone-formulas-configuration":"3002.2-lp152.3.45.1","salt-syndic":"3002.2-lp152.3.45.1","salt-transactional-update":"3002.2-lp152.3.45.1","salt-zsh-completion":"3002.2-lp152.3.45.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.2","name":"salt","purl":"pkg:rpm/opensuse/salt&distro=openSUSE%20Leap%2015.2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3002.2-lp152.3.45.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for salt fixes the following issues:\n\n- Support querying for JSON data in external sql pillar.\n- Exclude the full path of a download URL to prevent injection of malicious code.\n  (bsc#1190265, CVE-2021-21996)\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update project.","id":"openSUSE-SU-2021:1443-1","modified":"2021-11-02T13:07:18Z","published":"2021-11-02T13:07:18Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YD2NL2DWHZHSXKKSMUAKRRR4DVAXJ6QS/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1190265"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21996"}],"related":["CVE-2021-21996"],"summary":"Security update for salt","upstream":["CVE-2021-21996"]}