CVE-2020-16846: salt: sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection

Severity: Critical

CVSS Score: 9.8

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.