Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1048991?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1048991?format=api", "purl": "pkg:deb/debian/puppet@3.7.2-4", "type": "deb", "namespace": "debian", "name": "puppet", "version": "3.7.2-4", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "5.5.10-4", "latest_non_vulnerable_version": "5.5.10-4", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84374?format=api", "vulnerability_id": "VCID-18aq-72zg-3uc9", "summary": "puppet: Unsafe YAML deserialization", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2295.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2295.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-2295", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01893", "scoring_system": "epss", "scoring_elements": "0.8313", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01893", "scoring_system": "epss", "scoring_elements": "0.83275", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01893", "scoring_system": "epss", "scoring_elements": "0.83258", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01893", "scoring_system": "epss", "scoring_elements": "0.83267", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01893", "scoring_system": "epss", "scoring_elements": "0.83147", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01893", "scoring_system": "epss", "scoring_elements": "0.83161", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01893", "scoring_system": "epss", "scoring_elements": "0.83159", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01893", "scoring_system": "epss", "scoring_elements": "0.83184", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01893", "scoring_system": "epss", "scoring_elements": "0.83191", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01893", "scoring_system": "epss", "scoring_elements": "0.83207", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01893", "scoring_system": "epss", "scoring_elements": "0.83201", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01893", "scoring_system": "epss", "scoring_elements": "0.83197", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01893", "scoring_system": "epss", "scoring_elements": "0.83233", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01893", "scoring_system": "epss", "scoring_elements": "0.83234", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01893", "scoring_system": "epss", "scoring_elements": "0.83236", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-2295" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2295", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2295" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:C/I:C/A:C" }, { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452651", "reference_id": "1452651", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452651" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863212", "reference_id": "863212", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863212" }, { "reference_url": "https://usn.ubuntu.com/3308-1/", "reference_id": "USN-3308-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3308-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-4804-1/", "reference_id": "USN-USN-4804-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4804-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1048993?format=api", "purl": "pkg:deb/debian/puppet@3.7.2-4%2Bdeb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18aq-72zg-3uc9" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" }, { "vulnerability": "VCID-bt3p-h1js-53gg" }, { "vulnerability": "VCID-wkb1-dm1m-67db" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@3.7.2-4%252Bdeb8u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1052089?format=api", "purl": "pkg:deb/debian/puppet@4.8.2-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8xgm-pabz-hkeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@4.8.2-5" } ], "aliases": [ "CVE-2017-2295" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-18aq-72zg-3uc9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14779?format=api", "vulnerability_id": "VCID-8xgm-pabz-hkeg", "summary": "Improper Privilege Management\nIn previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2927", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:2927" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-10689.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-10689.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-10689", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25575", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25827", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25887", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.2593", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25699", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.2577", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25819", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25828", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25786", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25728", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25732", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25714", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25689", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25634", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25625", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-10689" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10689", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10689" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/puppetlabs/puppet", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet" }, { "reference_url": "https://github.com/puppetlabs/puppet/commit/17d9e02da3882e44c1876e2805cf9708481715ee", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commit/17d9e02da3882e44c1876e2805cf9708481715ee" }, { "reference_url": "https://github.com/puppetlabs/puppet/commit/2f1047f85e22cde139a421bc25d371f2ffc92cb1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commit/2f1047f85e22cde139a421bc25d371f2ffc92cb1" }, { "reference_url": "https://tickets.puppetlabs.com/browse/PUP-7866", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tickets.puppetlabs.com/browse/PUP-7866" }, { "reference_url": "https://usn.ubuntu.com/3567-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/3567-1" }, { "reference_url": "https://usn.ubuntu.com/3567-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3567-1/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1542850", "reference_id": "1542850", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1542850" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890412", "reference_id": "890412", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890412" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10689", "reference_id": "CVE-2017-10689", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10689" }, { "reference_url": "https://puppet.com/security/cve/CVE-2017-10689", "reference_id": "CVE-2017-10689", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://puppet.com/security/cve/CVE-2017-10689" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2017-10689.yml", "reference_id": "CVE-2017-10689.YML", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2017-10689.yml" }, { "reference_url": "https://github.com/advisories/GHSA-vw22-465p-8j5w", "reference_id": "GHSA-vw22-465p-8j5w", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vw22-465p-8j5w" }, { "reference_url": "https://usn.ubuntu.com/USN-4804-1/", "reference_id": "USN-USN-4804-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4804-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1052090?format=api", "purl": "pkg:deb/debian/puppet@5.5.10-4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.10-4" } ], "aliases": [ "CVE-2017-10689", "GHSA-vw22-465p-8j5w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8xgm-pabz-hkeg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92918?format=api", "vulnerability_id": "VCID-bt3p-h1js-53gg", "summary": "Versions of Puppet Agent prior to 1.6.0 included a version of the Puppet Execution Protocol (PXP) agent that passed environment variables through to Puppet runs. This could allow unauthorized code to be loaded. This bug was first introduced in Puppet Agent 1.3.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5713", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0112", "scoring_system": "epss", "scoring_elements": "0.78323", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0112", "scoring_system": "epss", "scoring_elements": "0.78307", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0112", "scoring_system": "epss", "scoring_elements": "0.78185", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0112", "scoring_system": "epss", "scoring_elements": "0.78194", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0112", "scoring_system": "epss", "scoring_elements": "0.78224", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0112", "scoring_system": "epss", "scoring_elements": "0.78206", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0112", "scoring_system": "epss", "scoring_elements": "0.78232", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0112", "scoring_system": "epss", "scoring_elements": "0.78238", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0112", "scoring_system": "epss", "scoring_elements": "0.78264", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0112", "scoring_system": "epss", "scoring_elements": "0.78247", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0112", "scoring_system": "epss", "scoring_elements": "0.78242", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0112", "scoring_system": "epss", "scoring_elements": "0.78274", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0112", "scoring_system": "epss", "scoring_elements": "0.78271", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0112", "scoring_system": "epss", "scoring_elements": "0.78268", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0112", "scoring_system": "epss", "scoring_elements": "0.78301", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5713" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5713", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5713" }, { "reference_url": "https://puppet.com/security/cve/cve-2016-5713", "reference_id": "", "reference_type": "", "scores": [], "url": "https://puppet.com/security/cve/cve-2016-5713" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_agent:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_agent:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_agent:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5713", "reference_id": "CVE-2016-5713", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5713" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1052088?format=api", "purl": "pkg:deb/debian/puppet@4.8.2-5~bpo8%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18aq-72zg-3uc9" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@4.8.2-5~bpo8%252B1" } ], "aliases": [ "CVE-2016-5713" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bt3p-h1js-53gg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58156?format=api", "vulnerability_id": "VCID-wkb1-dm1m-67db", "summary": "Multiple vulnerabilities have been found in Puppet Agent, the worst\n of which could result in the execution of arbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5714", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0101", "scoring_system": "epss", "scoring_elements": "0.77193", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0101", "scoring_system": "epss", "scoring_elements": "0.77179", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0101", "scoring_system": "epss", "scoring_elements": "0.77044", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0101", "scoring_system": "epss", "scoring_elements": "0.77049", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0101", "scoring_system": "epss", "scoring_elements": "0.77078", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0101", "scoring_system": "epss", "scoring_elements": "0.7706", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0101", "scoring_system": "epss", "scoring_elements": "0.77092", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0101", "scoring_system": "epss", "scoring_elements": "0.77102", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0101", "scoring_system": "epss", "scoring_elements": "0.77129", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0101", "scoring_system": "epss", "scoring_elements": "0.77109", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0101", "scoring_system": "epss", "scoring_elements": "0.77105", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0101", "scoring_system": "epss", "scoring_elements": "0.77145", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0101", "scoring_system": "epss", "scoring_elements": "0.77147", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0101", "scoring_system": "epss", "scoring_elements": "0.77138", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0101", "scoring_system": "epss", "scoring_elements": "0.77173", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5714" }, { "reference_url": "https://bugs.gentoo.org/597684", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.gentoo.org/597684" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5714", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5714" }, { "reference_url": "https://puppet.com/security/cve/cve-2016-5714", "reference_id": "", "reference_type": "", "scores": [], "url": "https://puppet.com/security/cve/cve-2016-5714" }, { "reference_url": "https://puppet.com/security/cve/pxp-agent-oct-2016", "reference_id": "", "reference_type": "", "scores": [], "url": "https://puppet.com/security/cve/pxp-agent-oct-2016" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_agent:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_agent:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_agent:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2015.3.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_enterprise:2015.3.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2015.3.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2016.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_enterprise:2016.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2016.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2016.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_enterprise:2016.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2016.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2016.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_enterprise:2016.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2016.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2016.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_enterprise:2016.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2016.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5714", "reference_id": "CVE-2016-5714", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P" }, { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5714" }, { "reference_url": "https://security.gentoo.org/glsa/201710-12", "reference_id": "GLSA-201710-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-12" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1052088?format=api", "purl": "pkg:deb/debian/puppet@4.8.2-5~bpo8%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18aq-72zg-3uc9" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@4.8.2-5~bpo8%252B1" } ], "aliases": [ "CVE-2016-5714" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wkb1-dm1m-67db" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8452?format=api", "vulnerability_id": "VCID-3kma-3ffw-8qd9", "summary": "Improper Input Validation\nPuppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00002.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00019.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00019.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1283.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1283.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1284.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1284.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-3567.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-3567.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-3567", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06459", "scoring_system": "epss", "scoring_elements": "0.911", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.06459", "scoring_system": "epss", "scoring_elements": "0.91097", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.06459", "scoring_system": "epss", "scoring_elements": "0.91098", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.06459", "scoring_system": "epss", "scoring_elements": "0.91073", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.06459", "scoring_system": "epss", "scoring_elements": "0.91023", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.06459", "scoring_system": "epss", "scoring_elements": "0.91064", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.06459", "scoring_system": "epss", "scoring_elements": "0.91028", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.06459", "scoring_system": "epss", "scoring_elements": "0.91037", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.06459", "scoring_system": "epss", "scoring_elements": "0.91058", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.06459", "scoring_system": "epss", "scoring_elements": "0.91046", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.06459", "scoring_system": "epss", "scoring_elements": "0.91107", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.06459", "scoring_system": "epss", "scoring_elements": "0.91111", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.06459", "scoring_system": "epss", "scoring_elements": "0.91114", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-3567" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3567", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3567" }, { "reference_url": "http://secunia.com/advisories/54429", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/54429" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:C/I:C/A:C" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/puppetlabs/puppet", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2013-3567.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2013-3567.yml" }, { "reference_url": "https://puppetlabs.com/security/cve/cve-2013-3567", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://puppetlabs.com/security/cve/cve-2013-3567" }, { "reference_url": "https://www.puppet.com/security/cve/cve-2013-3567-unauthenticated-remote-code-execution-vulnerability", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.puppet.com/security/cve/cve-2013-3567-unauthenticated-remote-code-execution-vulnerability" }, { "reference_url": "http://www.debian.org/security/2013/dsa-2715", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2013/dsa-2715" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1886-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-1886-1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712745", "reference_id": "712745", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712745" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=974649", "reference_id": "974649", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=974649" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3567", "reference_id": "CVE-2013-3567", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3567" }, { "reference_url": "https://puppetlabs.com/security/cve/cve-2013-3567/", "reference_id": "CVE-2013-3567", "reference_type": "", "scores": [], "url": "https://puppetlabs.com/security/cve/cve-2013-3567/" }, { "reference_url": "https://github.com/advisories/GHSA-f7p5-w2cr-7cp7", "reference_id": "GHSA-f7p5-w2cr-7cp7", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f7p5-w2cr-7cp7" }, { "reference_url": "https://security.gentoo.org/glsa/201308-04", "reference_id": "GLSA-201308-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201308-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1283", "reference_id": "RHSA-2013:1283", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1283" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1284", "reference_id": "RHSA-2013:1284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1284" }, { "reference_url": "https://usn.ubuntu.com/1886-1/", "reference_id": "USN-1886-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1886-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/572282?format=api", "purl": "pkg:deb/debian/puppet@2.7.23-1~deb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18aq-72zg-3uc9" }, { "vulnerability": "VCID-3kma-3ffw-8qd9" }, { "vulnerability": "VCID-5g6u-uvej-xbad" }, { "vulnerability": "VCID-73uh-2gkm-6kgy" }, { "vulnerability": "VCID-7ypq-wmb7-quhc" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" }, { "vulnerability": "VCID-bt3p-h1js-53gg" }, { "vulnerability": "VCID-fjbx-bqnn-2bf3" }, { "vulnerability": "VCID-kkve-dj7r-gue1" }, { "vulnerability": "VCID-wkb1-dm1m-67db" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1048991?format=api", "purl": "pkg:deb/debian/puppet@3.7.2-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18aq-72zg-3uc9" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" }, { "vulnerability": "VCID-bt3p-h1js-53gg" }, { "vulnerability": "VCID-wkb1-dm1m-67db" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@3.7.2-4" } ], "aliases": [ "CVE-2013-3567", "GHSA-f7p5-w2cr-7cp7" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3kma-3ffw-8qd9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8397?format=api", "vulnerability_id": "VCID-5g6u-uvej-xbad", "summary": "Moderate severity vulnerability that affects puppet\nUnspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service. NOTE: this vulnerability can only be exploited utilizing unspecified \"local file system access\" to the Puppet Master.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00009.html" }, { "reference_url": "http://puppetlabs.com/security/cve/cve-2013-4761", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://puppetlabs.com/security/cve/cve-2013-4761" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1283.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1283.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1284.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1284.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4761.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4761.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4761", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.70127", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.70048", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.70035", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.70078", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.70087", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.70067", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.70119", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.69972", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.69984", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.69999", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.69975", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.70024", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.7004", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.70063", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4761" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4761", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4761" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4956", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4956" }, { "reference_url": "https://github.com/puppetlabs/puppet", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2013-4761.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2013-4761.yml" }, { "reference_url": "https://www.puppet.com/security/cve/cve-2013-4761-resourcetype-remote-code-execution-vulnerability", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.puppet.com/security/cve/cve-2013-4761-resourcetype-remote-code-execution-vulnerability" }, { "reference_url": "http://www.debian.org/security/2013/dsa-2761", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2013/dsa-2761" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=996856", "reference_id": "996856", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=996856" }, { "reference_url": "http://puppetlabs.com/security/cve/cve-2013-4761/", "reference_id": "CVE-2013-4761", "reference_type": "", "scores": [], "url": "http://puppetlabs.com/security/cve/cve-2013-4761/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4761", "reference_id": "CVE-2013-4761", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4761" }, { "reference_url": "https://github.com/advisories/GHSA-cj43-9h3w-v976", "reference_id": "GHSA-cj43-9h3w-v976", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cj43-9h3w-v976" }, { "reference_url": "https://security.gentoo.org/glsa/201308-04", "reference_id": "GLSA-201308-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201308-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1283", "reference_id": "RHSA-2013:1283", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1283" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1284", "reference_id": "RHSA-2013:1284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1284" }, { "reference_url": "https://usn.ubuntu.com/1928-1/", "reference_id": "USN-1928-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1928-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/572282?format=api", "purl": "pkg:deb/debian/puppet@2.7.23-1~deb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18aq-72zg-3uc9" }, { "vulnerability": "VCID-3kma-3ffw-8qd9" }, { "vulnerability": "VCID-5g6u-uvej-xbad" }, { "vulnerability": "VCID-73uh-2gkm-6kgy" }, { "vulnerability": "VCID-7ypq-wmb7-quhc" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" }, { "vulnerability": "VCID-bt3p-h1js-53gg" }, { "vulnerability": "VCID-fjbx-bqnn-2bf3" }, { "vulnerability": "VCID-kkve-dj7r-gue1" }, { "vulnerability": "VCID-wkb1-dm1m-67db" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1048991?format=api", "purl": "pkg:deb/debian/puppet@3.7.2-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18aq-72zg-3uc9" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" }, { "vulnerability": "VCID-bt3p-h1js-53gg" }, { "vulnerability": "VCID-wkb1-dm1m-67db" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@3.7.2-4" } ], "aliases": [ "CVE-2013-4761", "GHSA-cj43-9h3w-v976" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5g6u-uvej-xbad" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44808?format=api", "vulnerability_id": "VCID-73uh-2gkm-6kgy", "summary": "Multiple vulnerabilities have been found in Puppet, the worst of\n which could lead to execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4956.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4956.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4956", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29083", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29157", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29207", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29018", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29082", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29124", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.2913", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29085", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29034", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29062", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29039", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.28993", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.28873", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.2876", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.2869", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4956" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4761", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4761" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4956", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4956" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=996855", "reference_id": "996855", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=996855" }, { "reference_url": "https://security.gentoo.org/glsa/201308-04", "reference_id": "GLSA-201308-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201308-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1283", "reference_id": "RHSA-2013:1283", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1283" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1284", "reference_id": "RHSA-2013:1284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1284" }, { "reference_url": "https://usn.ubuntu.com/1928-1/", "reference_id": "USN-1928-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1928-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/572282?format=api", "purl": "pkg:deb/debian/puppet@2.7.23-1~deb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18aq-72zg-3uc9" }, { "vulnerability": "VCID-3kma-3ffw-8qd9" }, { "vulnerability": "VCID-5g6u-uvej-xbad" }, { "vulnerability": "VCID-73uh-2gkm-6kgy" }, { "vulnerability": "VCID-7ypq-wmb7-quhc" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" }, { "vulnerability": "VCID-bt3p-h1js-53gg" }, { "vulnerability": "VCID-fjbx-bqnn-2bf3" }, { "vulnerability": "VCID-kkve-dj7r-gue1" }, { "vulnerability": "VCID-wkb1-dm1m-67db" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1048991?format=api", "purl": "pkg:deb/debian/puppet@3.7.2-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18aq-72zg-3uc9" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" }, { "vulnerability": "VCID-bt3p-h1js-53gg" }, { "vulnerability": "VCID-wkb1-dm1m-67db" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@3.7.2-4" } ], "aliases": [ "CVE-2013-4956" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-73uh-2gkm-6kgy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8394?format=api", "vulnerability_id": "VCID-7ypq-wmb7-quhc", "summary": "Moderate severity vulnerability that affects facter, hiera, mcollective-client, and puppet\nUntrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3248.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3248.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3248", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22432", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22206", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22213", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22227", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22379", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22429", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37433", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37243", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37409", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37261", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37312", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37325", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37336", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37302", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37274", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3248" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3248", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3248" }, { "reference_url": "http://secunia.com/advisories/59197", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/59197" }, { "reference_url": "http://secunia.com/advisories/59200", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/59200" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/facter/CVE-2014-3248.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/facter/CVE-2014-3248.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/hiera/CVE-2014-3248.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/hiera/CVE-2014-3248.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/mcollective-client/CVE-2014-3248.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/mcollective-client/CVE-2014-3248.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2014-3248.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2014-3248.yml" }, { "reference_url": "https://web.archive.org/web/20141129061319/http://www.securityfocus.com/bid/68035", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20141129061319/http://www.securityfocus.com/bid/68035" }, { "reference_url": "https://web.archive.org/web/20150204183209/http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20150204183209/http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet" }, { "reference_url": "https://web.archive.org/web/20150907182402/http://puppetlabs.com/security/cve/cve-2014-3248", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20150907182402/http://puppetlabs.com/security/cve/cve-2014-3248" }, { "reference_url": "http://www.securityfocus.com/bid/68035", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/68035" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1101346", "reference_id": "1101346", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1101346" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:facter:2.0.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:facter:2.0.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.0:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:facter:2.0.0:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.0:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.0:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:facter:2.0.0:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.0:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.1:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:facter:2.0.1:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.1:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.1:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:facter:2.0.1:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.1:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.1:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:facter:2.0.1:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.1:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.1:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:facter:2.0.1:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.1:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.1:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:facter:2.0.1:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.1:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:hiera:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:hiera:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:hiera:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:facter:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppetlabs:facter:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:facter:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:marionette_collective:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:marionette_collective:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:marionette_collective:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*" }, { "reference_url": "http://puppetlabs.com/security/cve/cve-2014-3248", "reference_id": "CVE-2014-3248", "reference_type": "", "scores": [], "url": "http://puppetlabs.com/security/cve/cve-2014-3248" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3248", "reference_id": "CVE-2014-3248", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:H/Au:N/C:C/I:C/A:C" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3248" }, { "reference_url": "http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/", "reference_id": "CVE-2014-3248-A-LITTLE-PROBLEM-WITH-PUPPET", "reference_type": "", "scores": [], "url": "http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/" }, { "reference_url": "https://web.archive.org/web/20150204183209/http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/", "reference_id": "CVE-2014-3248-A-LITTLE-PROBLEM-WITH-PUPPET", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20150204183209/http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/" }, { "reference_url": "https://github.com/advisories/GHSA-92v7-pq4h-58j5", "reference_id": "GHSA-92v7-pq4h-58j5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-92v7-pq4h-58j5" }, { "reference_url": "https://security.gentoo.org/glsa/201412-15", "reference_id": "GLSA-201412-15", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-15" }, { "reference_url": "https://security.gentoo.org/glsa/201412-45", "reference_id": "GLSA-201412-45", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-45" }, { "reference_url": "https://usn.ubuntu.com/3308-1/", "reference_id": "USN-3308-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3308-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1048991?format=api", "purl": "pkg:deb/debian/puppet@3.7.2-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18aq-72zg-3uc9" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" }, { "vulnerability": "VCID-bt3p-h1js-53gg" }, { "vulnerability": "VCID-wkb1-dm1m-67db" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@3.7.2-4" } ], "aliases": [ "CVE-2014-3248", "GHSA-92v7-pq4h-58j5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7ypq-wmb7-quhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55668?format=api", "vulnerability_id": "VCID-fjbx-bqnn-2bf3", "summary": "insecure temporary files", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4969.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4969.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4969", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.1129", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11408", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11536", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11591", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.1138", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11464", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11523", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11533", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11499", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11469", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.1133", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11455", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11407", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11365", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4969" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4969", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4969" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:S/C:C/I:C/A:C" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1045212", "reference_id": "1045212", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1045212" }, { "reference_url": "https://usn.ubuntu.com/2077-1/", "reference_id": "USN-2077-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2077-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/572282?format=api", "purl": "pkg:deb/debian/puppet@2.7.23-1~deb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18aq-72zg-3uc9" }, { "vulnerability": "VCID-3kma-3ffw-8qd9" }, { "vulnerability": "VCID-5g6u-uvej-xbad" }, { "vulnerability": "VCID-73uh-2gkm-6kgy" }, { "vulnerability": "VCID-7ypq-wmb7-quhc" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" }, { "vulnerability": "VCID-bt3p-h1js-53gg" }, { "vulnerability": "VCID-fjbx-bqnn-2bf3" }, { "vulnerability": "VCID-kkve-dj7r-gue1" }, { "vulnerability": "VCID-wkb1-dm1m-67db" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1048991?format=api", "purl": "pkg:deb/debian/puppet@3.7.2-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18aq-72zg-3uc9" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" }, { "vulnerability": "VCID-bt3p-h1js-53gg" }, { "vulnerability": "VCID-wkb1-dm1m-67db" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@3.7.2-4" } ], "aliases": [ "CVE-2013-4969" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fjbx-bqnn-2bf3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/86260?format=api", "vulnerability_id": "VCID-kkve-dj7r-gue1", "summary": "puppet: certificates could be honored even when revoked", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3250.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3250.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3250", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49196", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49238", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.4917", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49201", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49229", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49181", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49235", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49232", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49249", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49222", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49228", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49273", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49271", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49241", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3250" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3250", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3250" }, { "reference_url": "https://puppet.com/security/cve/CVE-2014-3250", "reference_id": "", "reference_type": "", "scores": [], "url": "https://puppet.com/security/cve/CVE-2014-3250" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1101347", "reference_id": "1101347", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1101347" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:linux:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:linux:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:linux:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3250", "reference_id": "CVE-2014-3250", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:N/A:N" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3250" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1048991?format=api", "purl": "pkg:deb/debian/puppet@3.7.2-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18aq-72zg-3uc9" }, { "vulnerability": "VCID-8xgm-pabz-hkeg" }, { "vulnerability": "VCID-bt3p-h1js-53gg" }, { "vulnerability": "VCID-wkb1-dm1m-67db" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@3.7.2-4" } ], "aliases": [ "CVE-2014-3250" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kkve-dj7r-gue1" } ], "risk_score": "4.4", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@3.7.2-4" }