CVE-2013-1655 – puppet

Package

Manager: gem
Name: puppet
Vulnerable Version: >=2.7.0 <2.7.21 || >=3.1.0 <3.1.1

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.0092 pctl0.75099

Details

Puppet Improper Input Validation vulnerability Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to "serialized attributes."

Metadata

Created: 2017-10-24T18:33:37Z
Modified: 2023-05-12T17:26:05Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-574q-fxfj-wv6h/GHSA-574q-fxfj-wv6h.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-574q-fxfj-wv6h
Finding: F184
Auto approve: 1