CVE-2020-16846
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.
Date published : 2020-11-06
https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/