10 matches found

EUVD
added 2025/10/07 12:30 a.m. (2 views)

EUVD-2021-0458

Malware in sbrugna...

CVSS 9.1, AI score 9.1, EPSS 0.07478
Exploits 1, References 8

RedhatCVE
added 2025/05/22 9:35 p.m. (5 views)

CVE-2021-43837

vault-cli is a configurable command-line interface tool and python library to interact with Hashicorp Vault. In versions before 3.0.0 vault-cli features the ability for rendering templated values. When a secret starts with the prefix !template!, vault-cli interprets the rest of the contents of th...

CVSS 9.1, AI score 7.5, EPSS 0.07478
Exploits 1

Veracode
added 2021/12/17 3:16 a.m. (24 views)

Remote Code Execution (RCE)

vault-cli is vulnerable to remote code execution. An attacker who controls the jinja2 template rendered on a machine can trigger arbitrary code execution when a secret starts with the prefix !template!...

CVSS 9.1, AI score 4, EPSS 0.07478
Exploits 1, References 5, Affected Software 1

OSV
added 2021/12/16 9:2 p.m. (29 views)

GHSA-Q34H-97WF-8R8J vault-cli contains possible RCE when reading user-defined data

Impact What kind of vulnerability is it? Who is impacted? vault-cli features the ability for rendering templated values as explained in the documentation. When a secret starts with the prefix !template!, vault-cli interprets the rest of the contents of the secret as a Jinja2 template. Jinja2 is a...

CVSS 8.4, AI score 9.3, EPSS 0.07478
Exploits 1, References 8

Github Security Blog
added 2021/12/16 9:2 p.m. (45 views)

vault-cli contains possible RCE when reading user-defined data

Impact What kind of vulnerability is it? Who is impacted? vault-cli features the ability for rendering templated values as explained in the documentation. When a secret starts with the prefix !template!, vault-cli interprets the rest of the contents of the secret as a Jinja2 template. Jinja2 is a...

CVSS 9.1, AI score 0.6, EPSS 0.07478
Exploits 1, References 8, Affected Software 1

OSV
added 2021/12/16 7:15 p.m. (23 views)

PYSEC-2021-853

vault-cli is a configurable command-line interface tool and python library to interact with Hashicorp Vault. In versions before 3.0.0 vault-cli features the ability for rendering templated values. When a secret starts with the prefix !template!, vault-cli interprets the rest of the contents of th...

CVSS 9.1, AI score 1.6, EPSS 0.07478
Exploits 1, References 3

PyPA
added 2021/12/16 7:15 p.m. (4 views)

PYSEC-2021-853

vault-cli is a configurable command-line interface tool and python library to interact with Hashicorp Vault. In versions before 3.0.0 vault-cli features the ability for rendering templated values. When a secret starts with the prefix !template!, vault-cli interprets the rest of the contents of th...

CVSS 9.1, AI score 7.5, EPSS 0.07478
Exploits 1, References 3, Affected Software 1

Cvelist
added 2021/12/16 6:55 p.m. (15 views)

CVE-2021-43837 Template injection in vault-cli

vault-cli is a configurable command-line interface tool and python library to interact with Hashicorp Vault. In versions before 3.0.0 vault-cli features the ability for rendering templated values. When a secret starts with the prefix !template!, vault-cli interprets the rest of the contents of th...

CVSS 8.4, AI score 9.6, EPSS 0.07478
Exploits 1, References 3

CVE
added 2021/12/16 6:55 p.m. (91 views)

CVE-2021-43837

vault-cli (the HashiCorp Vault CLI and Python library) is vulnerable prior to version 3.0.0 due to rendering templated secrets with a Jinja2 template after the prefix !template!. An attacker controlling such a template could trigger arbitrary code execution. In 3.0.0 this templating code was remo...

CVSS 9.1, AI score 9.1, EPSS 0.07478
Exploits 1, References 3, Affected Software 1

CNNVD
added 2021/12/16 12:0 a.m. (1 view)

vault-cli code injection vulnerability

vault-cli is a Python 3.6 tool that provides simple interactions to manipulate secrets from Hashicorp Vault. vault-cli is vulnerable to an injection vulnerability in versions prior to 3.0.0, which stems from the failure of a network system or product to properly filter special elements in code...

CVSS 9.1, AI score 5.9, EPSS 0.07478
Exploits 1, References 3