Lucene search
+L

4 matches found

redhatcve
redhatcve
added 2025/05/22 9:35 p.m.9 views

CVE-2021-43837

vault-cli is a configurable command-line interface tool and python library to interact with Hashicorp Vault. In versions before 3.0.0 vault-cli features the ability for rendering templated values. When a secret starts with the prefix !template!, vault-cli interprets the rest of the contents of th...

9.1CVSS7.5AI score0.05004EPSS
Exploits1
osv
osv
added 2021/12/16 7:15 p.m.16 views

CVE-2021-43837

vault-cli is a configurable command-line interface tool and python library to interact with Hashicorp Vault. In versions before 3.0.0 vault-cli features the ability for rendering templated values. When a secret starts with the prefix !template!, vault-cli interprets the rest of the contents of th...

9.1CVSS9.4AI score
Exploits0References3
cvelist
cvelist
added 2021/12/16 6:55 p.m.20 views

CVE-2021-43837 Template injection in vault-cli

vault-cli is a configurable command-line interface tool and python library to interact with Hashicorp Vault. In versions before 3.0.0 vault-cli features the ability for rendering templated values. When a secret starts with the prefix !template!, vault-cli interprets the rest of the contents of th...

8.4CVSS9.6AI score0.05004EPSS
Exploits1References3
cve
cve
added 2021/12/16 6:55 p.m.109 views

CVE-2021-43837

vault-cli (the HashiCorp Vault CLI and Python library) is vulnerable prior to version 3.0.0 due to rendering templated secrets with a Jinja2 template after the prefix !template!. An attacker controlling such a template could trigger arbitrary code execution. In 3.0.0 this templating code was remo...

9.1CVSS9.1AI score0.05004EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder