The host is installed with SaltStack Salt before 2019.2.6, 3000.x before 3000.4, 3001.x before 3001.2 or 3002.0 and is prone to a shell injection vulnerability. A flaw exists exists within the application, which fails to properly handle an issue in the SSH client. Successful exploitation allows an unauthenticated user with network access to the Salt API to run code on the Salt-API.