4 matches found
CVE-2021-43837
vault-cli is a configurable command-line interface tool and python library to interact with Hashicorp Vault. In versions before 3.0.0 vault-cli features the ability for rendering templated values. When a secret starts with the prefix !template!, vault-cli interprets the rest of the contents of th...
CVE-2021-43837
vault-cli is a configurable command-line interface tool and python library to interact with Hashicorp Vault. In versions before 3.0.0 vault-cli features the ability for rendering templated values. When a secret starts with the prefix !template!, vault-cli interprets the rest of the contents of th...
CVE-2021-43837 Template injection in vault-cli
vault-cli is a configurable command-line interface tool and python library to interact with Hashicorp Vault. In versions before 3.0.0 vault-cli features the ability for rendering templated values. When a secret starts with the prefix !template!, vault-cli interprets the rest of the contents of th...
CVE-2021-43837
vault-cli (the HashiCorp Vault CLI and Python library) is vulnerable prior to version 3.0.0 due to rendering templated secrets with a Jinja2 template after the prefix !template!. An attacker controlling such a template could trigger arbitrary code execution. In 3.0.0 this templating code was remo...