Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 9:35 p.m.10 views

CVE-2021-43837

vault-cli is a configurable command-line interface tool and python library to interact with Hashicorp Vault. In versions before 3.0.0 vault-cli features the ability for rendering templated values. When a secret starts with the prefix !template!, vault-cli interprets the rest of the contents of th...

9.1CVSS7.5AI score0.05004EPSS
Exploits1
OSV
OSV
added 2021/12/16 7:15 p.m.17 views

CVE-2021-43837

vault-cli is a configurable command-line interface tool and python library to interact with Hashicorp Vault. In versions before 3.0.0 vault-cli features the ability for rendering templated values. When a secret starts with the prefix !template!, vault-cli interprets the rest of the contents of th...

9.1CVSS9.4AI score
Exploits0References3
Cvelist
Cvelist
added 2021/12/16 6:55 p.m.20 views

CVE-2021-43837 Template injection in vault-cli

vault-cli is a configurable command-line interface tool and python library to interact with Hashicorp Vault. In versions before 3.0.0 vault-cli features the ability for rendering templated values. When a secret starts with the prefix !template!, vault-cli interprets the rest of the contents of th...

8.4CVSS9.6AI score0.05004EPSS
Exploits1References3
CVE
CVE
added 2021/12/16 6:55 p.m.110 views

CVE-2021-43837

vault-cli (the HashiCorp Vault CLI and Python library) is vulnerable prior to version 3.0.0 due to rendering templated secrets with a Jinja2 template after the prefix !template!. An attacker controlling such a template could trigger arbitrary code execution. In 3.0.0 this templating code was remo...

9.1CVSS9.1AI score0.05004EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder