Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:gem/puppet@3.5.0.rc3
Typegem
Namespace
Namepuppet
Version3.5.0.rc3
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-3kma-3ffw-8qd9
vulnerability_id VCID-3kma-3ffw-8qd9
summary 
Improper Input Validation
Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00002.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00002.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00019.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00019.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2013-1283.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-1283.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2013-1284.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-1284.html
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-3567.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-3567.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-3567
reference_id
reference_type
scores
0
value 0.06459
scoring_system epss
scoring_elements 0.91028
published_at 2026-04-02T12:55:00Z
1
value 0.06459
scoring_system epss
scoring_elements 0.91073
published_at 2026-04-13T12:55:00Z
2
value 0.06459
scoring_system epss
scoring_elements 0.91064
published_at 2026-04-09T12:55:00Z
3
value 0.06459
scoring_system epss
scoring_elements 0.91058
published_at 2026-04-08T12:55:00Z
4
value 0.06459
scoring_system epss
scoring_elements 0.91046
published_at 2026-04-07T12:55:00Z
5
value 0.06459
scoring_system epss
scoring_elements 0.91023
published_at 2026-04-01T12:55:00Z
6
value 0.06459
scoring_system epss
scoring_elements 0.91037
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-3567
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3567
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3567
7
reference_url http://secunia.com/advisories/54429
reference_id
reference_type
scores
url http://secunia.com/advisories/54429
8
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 9
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:C/I:C/A:C
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
9
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
10
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2013-3567.yml
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2013-3567.yml
11
reference_url https://puppetlabs.com/security/cve/cve-2013-3567
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://puppetlabs.com/security/cve/cve-2013-3567
12
reference_url https://www.puppet.com/security/cve/cve-2013-3567-unauthenticated-remote-code-execution-vulnerability
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.puppet.com/security/cve/cve-2013-3567-unauthenticated-remote-code-execution-vulnerability
13
reference_url http://www.debian.org/security/2013/dsa-2715
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2013/dsa-2715
14
reference_url http://www.ubuntu.com/usn/USN-1886-1
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1886-1
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712745
reference_id 712745
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712745
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=974649
reference_id 974649
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=974649
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-3567
reference_id CVE-2013-3567
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-3567
18
reference_url https://puppetlabs.com/security/cve/cve-2013-3567/
reference_id CVE-2013-3567
reference_type
scores
url https://puppetlabs.com/security/cve/cve-2013-3567/
19
reference_url https://github.com/advisories/GHSA-f7p5-w2cr-7cp7
reference_id GHSA-f7p5-w2cr-7cp7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f7p5-w2cr-7cp7
20
reference_url https://security.gentoo.org/glsa/201308-04
reference_id GLSA-201308-04
reference_type
scores
url https://security.gentoo.org/glsa/201308-04
21
reference_url https://access.redhat.com/errata/RHSA-2013:1283
reference_id RHSA-2013:1283
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:1283
22
reference_url https://access.redhat.com/errata/RHSA-2013:1284
reference_id RHSA-2013:1284
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:1284
23
reference_url https://usn.ubuntu.com/1886-1/
reference_id USN-1886-1
reference_type
scores
url https://usn.ubuntu.com/1886-1/
fixed_packages
aliases CVE-2013-3567, GHSA-f7p5-w2cr-7cp7
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3kma-3ffw-8qd9
1
url VCID-5g6u-uvej-xbad
vulnerability_id VCID-5g6u-uvej-xbad
summary 
Moderate severity vulnerability that affects puppet
Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service.  NOTE: this vulnerability can only be exploited utilizing unspecified "local file system access" to the Puppet Master.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00009.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00009.html
1
reference_url http://puppetlabs.com/security/cve/cve-2013-4761
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://puppetlabs.com/security/cve/cve-2013-4761
2
reference_url http://rhn.redhat.com/errata/RHSA-2013-1283.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-1283.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2013-1284.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-1284.html
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4761.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4761.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-4761
reference_id
reference_type
scores
0
value 0.0062
scoring_system epss
scoring_elements 0.7004
published_at 2026-04-09T12:55:00Z
1
value 0.0062
scoring_system epss
scoring_elements 0.70024
published_at 2026-04-08T12:55:00Z
2
value 0.0062
scoring_system epss
scoring_elements 0.69972
published_at 2026-04-01T12:55:00Z
3
value 0.0062
scoring_system epss
scoring_elements 0.69984
published_at 2026-04-02T12:55:00Z
4
value 0.0062
scoring_system epss
scoring_elements 0.69975
published_at 2026-04-07T12:55:00Z
5
value 0.0062
scoring_system epss
scoring_elements 0.69999
published_at 2026-04-04T12:55:00Z
6
value 0.0062
scoring_system epss
scoring_elements 0.70035
published_at 2026-04-13T12:55:00Z
7
value 0.0062
scoring_system epss
scoring_elements 0.70048
published_at 2026-04-12T12:55:00Z
8
value 0.0062
scoring_system epss
scoring_elements 0.70063
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-4761
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4761
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4761
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4956
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4956
8
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2013-4761.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2013-4761.yml
10
reference_url https://www.puppet.com/security/cve/cve-2013-4761-resourcetype-remote-code-execution-vulnerability
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.puppet.com/security/cve/cve-2013-4761-resourcetype-remote-code-execution-vulnerability
11
reference_url http://www.debian.org/security/2013/dsa-2761
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2013/dsa-2761
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=996856
reference_id 996856
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=996856
13
reference_url http://puppetlabs.com/security/cve/cve-2013-4761/
reference_id CVE-2013-4761
reference_type
scores
url http://puppetlabs.com/security/cve/cve-2013-4761/
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-4761
reference_id CVE-2013-4761
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-4761
15
reference_url https://github.com/advisories/GHSA-cj43-9h3w-v976
reference_id GHSA-cj43-9h3w-v976
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cj43-9h3w-v976
16
reference_url https://security.gentoo.org/glsa/201308-04
reference_id GLSA-201308-04
reference_type
scores
url https://security.gentoo.org/glsa/201308-04
17
reference_url https://access.redhat.com/errata/RHSA-2013:1283
reference_id RHSA-2013:1283
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:1283
18
reference_url https://access.redhat.com/errata/RHSA-2013:1284
reference_id RHSA-2013:1284
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:1284
19
reference_url https://usn.ubuntu.com/1928-1/
reference_id USN-1928-1
reference_type
scores
url https://usn.ubuntu.com/1928-1/
fixed_packages
aliases CVE-2013-4761, GHSA-cj43-9h3w-v976
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5g6u-uvej-xbad
2
url VCID-5qhd-8wfe-27dy
vulnerability_id VCID-5qhd-8wfe-27dy
summary 
Puppet does not properly restrict access to node resources
Puppet 2.6.0 through 2.6.3 does not properly restrict access to node resources, which allows remote authenticated Puppet nodes to read or modify the resources of other nodes via unspecified vectors.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0528.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0528.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-0528
reference_id
reference_type
scores
0
value 0.00265
scoring_system epss
scoring_elements 0.50016
published_at 2026-04-13T12:55:00Z
1
value 0.00265
scoring_system epss
scoring_elements 0.49966
published_at 2026-04-01T12:55:00Z
2
value 0.00265
scoring_system epss
scoring_elements 0.50003
published_at 2026-04-02T12:55:00Z
3
value 0.00265
scoring_system epss
scoring_elements 0.50031
published_at 2026-04-04T12:55:00Z
4
value 0.00265
scoring_system epss
scoring_elements 0.49982
published_at 2026-04-07T12:55:00Z
5
value 0.00265
scoring_system epss
scoring_elements 0.50037
published_at 2026-04-08T12:55:00Z
6
value 0.00265
scoring_system epss
scoring_elements 0.50029
published_at 2026-04-09T12:55:00Z
7
value 0.00265
scoring_system epss
scoring_elements 0.50047
published_at 2026-04-11T12:55:00Z
8
value 0.00265
scoring_system epss
scoring_elements 0.5002
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-0528
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0528
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0528
3
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
4
reference_url https://github.com/puppetlabs/puppet/commit/eee1a9cdaa5cab6222c8e6ab087d319f976fa4e3
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/eee1a9cdaa5cab6222c8e6ab087d319f976fa4e3
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-0528.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-0528.yml
6
reference_url http://www.mail-archive.com/puppet-users%40googlegroups.com/msg16429.html
reference_id
reference_type
scores
url http://www.mail-archive.com/puppet-users%40googlegroups.com/msg16429.html
7
reference_url http://www.mail-archive.com/puppet-users@googlegroups.com/msg16429.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.mail-archive.com/puppet-users@googlegroups.com/msg16429.html
8
reference_url http://www.openwall.com/lists/oss-security/2011/01/27/6
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/01/27/6
9
reference_url http://www.openwall.com/lists/oss-security/2011/01/31/5
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/01/31/5
10
reference_url http://www.ubuntu.com/usn/USN-1365-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1365-1
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-0528
reference_id CVE-2011-0528
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-0528
12
reference_url https://github.com/advisories/GHSA-9pvx-fwwh-w289
reference_id GHSA-9pvx-fwwh-w289
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9pvx-fwwh-w289
13
reference_url https://usn.ubuntu.com/1365-1/
reference_id USN-1365-1
reference_type
scores
url https://usn.ubuntu.com/1365-1/
fixed_packages
aliases CVE-2011-0528, GHSA-9pvx-fwwh-w289
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5qhd-8wfe-27dy
3
url VCID-75gs-2gu3-6udx
vulnerability_id VCID-75gs-2gu3-6udx
summary 
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. (dot dot) in a node name.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html
1
reference_url http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html
2
reference_url http://puppetlabs.com/security/cve/cve-2012-3865
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://puppetlabs.com/security/cve/cve-2012-3865
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3865.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3865.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-3865
reference_id
reference_type
scores
0
value 0.01176
scoring_system epss
scoring_elements 0.78737
published_at 2026-04-11T12:55:00Z
1
value 0.01176
scoring_system epss
scoring_elements 0.78719
published_at 2026-04-12T12:55:00Z
2
value 0.01176
scoring_system epss
scoring_elements 0.78705
published_at 2026-04-08T12:55:00Z
3
value 0.01176
scoring_system epss
scoring_elements 0.78679
published_at 2026-04-07T12:55:00Z
4
value 0.01176
scoring_system epss
scoring_elements 0.78711
published_at 2026-04-13T12:55:00Z
5
value 0.01176
scoring_system epss
scoring_elements 0.78712
published_at 2026-04-09T12:55:00Z
6
value 0.0215
scoring_system epss
scoring_elements 0.84174
published_at 2026-04-01T12:55:00Z
7
value 0.0215
scoring_system epss
scoring_elements 0.84205
published_at 2026-04-04T12:55:00Z
8
value 0.0215
scoring_system epss
scoring_elements 0.84187
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-3865
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=839131
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=839131
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3865
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3865
7
reference_url http://secunia.com/advisories/50014
reference_id
reference_type
scores
url http://secunia.com/advisories/50014
8
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
9
reference_url https://github.com/puppetlabs/puppet/commit/554eefc55f57ed2b76e5ee04d8f194d36f6ee67f
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/554eefc55f57ed2b76e5ee04d8f194d36f6ee67f
10
reference_url https://github.com/puppetlabs/puppet/commit/d80478208d79a3e6d6cb1fbc525e24817fe8c4c6
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/d80478208d79a3e6d6cb1fbc525e24817fe8c4c6
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/CVE-2012-3865.yml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/CVE-2012-3865.yml
12
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3865.yml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3865.yml
13
reference_url https://www.puppet.com/security/cve/overview-cve-2012-3865-arbitrary-file-delete/dos-puppet-master
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://www.puppet.com/security/cve/overview-cve-2012-3865-arbitrary-file-delete/dos-puppet-master
14
reference_url http://www.debian.org/security/2012/dsa-2511
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2012/dsa-2511
15
reference_url http://www.ubuntu.com/usn/USN-1506-1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1506-1
16
reference_url http://puppetlabs.com/security/cve/cve-2012-3865/
reference_id CVE-2012-3865
reference_type
scores
url http://puppetlabs.com/security/cve/cve-2012-3865/
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-3865
reference_id CVE-2012-3865
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-3865
18
reference_url https://github.com/advisories/GHSA-g89m-3wjw-h857
reference_id GHSA-g89m-3wjw-h857
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g89m-3wjw-h857
19
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
20
reference_url https://usn.ubuntu.com/1506-1/
reference_id USN-1506-1
reference_type
scores
url https://usn.ubuntu.com/1506-1/
fixed_packages
aliases CVE-2012-3865, GHSA-g89m-3wjw-h857
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-75gs-2gu3-6udx
4
url VCID-7ypq-wmb7-quhc
vulnerability_id VCID-7ypq-wmb7-quhc
summary 
Moderate severity vulnerability that affects facter, hiera, mcollective-client, and puppet
Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3248.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3248.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3248
reference_id
reference_type
scores
0
value 0.00164
scoring_system epss
scoring_elements 0.37274
published_at 2026-04-13T12:55:00Z
1
value 0.00164
scoring_system epss
scoring_elements 0.37243
published_at 2026-04-01T12:55:00Z
2
value 0.00164
scoring_system epss
scoring_elements 0.37409
published_at 2026-04-02T12:55:00Z
3
value 0.00164
scoring_system epss
scoring_elements 0.37433
published_at 2026-04-04T12:55:00Z
4
value 0.00164
scoring_system epss
scoring_elements 0.37261
published_at 2026-04-07T12:55:00Z
5
value 0.00164
scoring_system epss
scoring_elements 0.37312
published_at 2026-04-08T12:55:00Z
6
value 0.00164
scoring_system epss
scoring_elements 0.37325
published_at 2026-04-09T12:55:00Z
7
value 0.00164
scoring_system epss
scoring_elements 0.37336
published_at 2026-04-11T12:55:00Z
8
value 0.00164
scoring_system epss
scoring_elements 0.37302
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3248
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3248
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3248
3
reference_url http://secunia.com/advisories/59197
reference_id
reference_type
scores
url http://secunia.com/advisories/59197
4
reference_url http://secunia.com/advisories/59200
reference_id
reference_type
scores
url http://secunia.com/advisories/59200
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/facter/CVE-2014-3248.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/facter/CVE-2014-3248.yml
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/hiera/CVE-2014-3248.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/hiera/CVE-2014-3248.yml
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/mcollective-client/CVE-2014-3248.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/mcollective-client/CVE-2014-3248.yml
8
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2014-3248.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2014-3248.yml
9
reference_url https://web.archive.org/web/20141129061319/http://www.securityfocus.com/bid/68035
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20141129061319/http://www.securityfocus.com/bid/68035
10
reference_url https://web.archive.org/web/20150204183209/http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20150204183209/http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet
11
reference_url https://web.archive.org/web/20150907182402/http://puppetlabs.com/security/cve/cve-2014-3248
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20150907182402/http://puppetlabs.com/security/cve/cve-2014-3248
12
reference_url http://www.securityfocus.com/bid/68035
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/68035
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1101346
reference_id 1101346
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1101346
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.0:rc1:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:facter:2.0.0:rc1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.0:rc1:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.0:rc2:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:facter:2.0.0:rc2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.0:rc2:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.0:rc3:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:facter:2.0.0:rc3:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.0:rc3:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.0:rc4:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:facter:2.0.0:rc4:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.0:rc4:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.1:-:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:facter:2.0.1:-:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.1:-:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.1:rc1:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:facter:2.0.1:rc1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.1:rc1:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.1:rc2:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:facter:2.0.1:rc2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.1:rc2:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.1:rc3:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:facter:2.0.1:rc3:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.1:rc3:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.1:rc4:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:facter:2.0.1:rc4:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.1:rc4:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:hiera:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:hiera:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:hiera:*:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:facter:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppetlabs:facter:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:facter:*:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:marionette_collective:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:marionette_collective:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:marionette_collective:*:*:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*
28
reference_url http://puppetlabs.com/security/cve/cve-2014-3248
reference_id CVE-2014-3248
reference_type
scores
url http://puppetlabs.com/security/cve/cve-2014-3248
29
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3248
reference_id CVE-2014-3248
reference_type
scores
0
value 6.2
scoring_system cvssv2
scoring_elements AV:L/AC:H/Au:N/C:C/I:C/A:C
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3248
30
reference_url http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/
reference_id CVE-2014-3248-A-LITTLE-PROBLEM-WITH-PUPPET
reference_type
scores
url http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/
31
reference_url https://web.archive.org/web/20150204183209/http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/
reference_id CVE-2014-3248-A-LITTLE-PROBLEM-WITH-PUPPET
reference_type
scores
url https://web.archive.org/web/20150204183209/http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/
32
reference_url https://github.com/advisories/GHSA-92v7-pq4h-58j5
reference_id GHSA-92v7-pq4h-58j5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-92v7-pq4h-58j5
33
reference_url https://security.gentoo.org/glsa/201412-15
reference_id GLSA-201412-15
reference_type
scores
url https://security.gentoo.org/glsa/201412-15
34
reference_url https://security.gentoo.org/glsa/201412-45
reference_id GLSA-201412-45
reference_type
scores
url https://security.gentoo.org/glsa/201412-45
35
reference_url https://usn.ubuntu.com/3308-1/
reference_id USN-3308-1
reference_type
scores
url https://usn.ubuntu.com/3308-1/
fixed_packages
0
url pkg:gem/puppet@3.6.2
purl pkg:gem/puppet@3.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kma-3ffw-8qd9
1
vulnerability VCID-5g6u-uvej-xbad
2
vulnerability VCID-5qhd-8wfe-27dy
3
vulnerability VCID-75gs-2gu3-6udx
4
vulnerability VCID-7ypq-wmb7-quhc
5
vulnerability VCID-8xgm-pabz-hkeg
6
vulnerability VCID-h88b-abes-3bgr
7
vulnerability VCID-jhkk-5euf-uked
8
vulnerability VCID-kt2h-k72f-tqc7
9
vulnerability VCID-pdpa-qfpq-zkcq
10
vulnerability VCID-pgg8-9sk2-57ee
11
vulnerability VCID-qdsk-m9ye-z3a4
12
vulnerability VCID-s94z-5sd6-33dk
13
vulnerability VCID-vgbw-4yuu-57fz
14
vulnerability VCID-wage-71h9-6qay
15
vulnerability VCID-ww8x-tzxr-4qbn
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/puppet@3.6.2
aliases CVE-2014-3248, GHSA-92v7-pq4h-58j5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7ypq-wmb7-quhc
5
url VCID-8xgm-pabz-hkeg
vulnerability_id VCID-8xgm-pabz-hkeg
summary 
Improper Privilege Management
In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:2927
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2927
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-10689.json
reference_id
reference_type
scores
0
value 2.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-10689.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-10689
reference_id
reference_type
scores
0
value 0.00092
scoring_system epss
scoring_elements 0.25828
published_at 2026-04-11T12:55:00Z
1
value 0.00092
scoring_system epss
scoring_elements 0.25819
published_at 2026-04-09T12:55:00Z
2
value 0.00092
scoring_system epss
scoring_elements 0.2577
published_at 2026-04-08T12:55:00Z
3
value 0.00092
scoring_system epss
scoring_elements 0.25699
published_at 2026-04-07T12:55:00Z
4
value 0.00092
scoring_system epss
scoring_elements 0.25728
published_at 2026-04-13T12:55:00Z
5
value 0.00092
scoring_system epss
scoring_elements 0.25786
published_at 2026-04-12T12:55:00Z
6
value 0.00092
scoring_system epss
scoring_elements 0.2593
published_at 2026-04-04T12:55:00Z
7
value 0.00092
scoring_system epss
scoring_elements 0.25887
published_at 2026-04-02T12:55:00Z
8
value 0.00092
scoring_system epss
scoring_elements 0.25827
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-10689
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10689
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10689
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
6
reference_url https://github.com/puppetlabs/puppet/commit/17d9e02da3882e44c1876e2805cf9708481715ee
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/17d9e02da3882e44c1876e2805cf9708481715ee
7
reference_url https://github.com/puppetlabs/puppet/commit/2f1047f85e22cde139a421bc25d371f2ffc92cb1
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/2f1047f85e22cde139a421bc25d371f2ffc92cb1
8
reference_url https://tickets.puppetlabs.com/browse/PUP-7866
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://tickets.puppetlabs.com/browse/PUP-7866
9
reference_url https://usn.ubuntu.com/3567-1
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/3567-1
10
reference_url https://usn.ubuntu.com/3567-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3567-1/
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1542850
reference_id 1542850
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1542850
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890412
reference_id 890412
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890412
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-10689
reference_id CVE-2017-10689
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-10689
14
reference_url https://puppet.com/security/cve/CVE-2017-10689
reference_id CVE-2017-10689
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements
1
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://puppet.com/security/cve/CVE-2017-10689
15
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2017-10689.yml
reference_id CVE-2017-10689.YML
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2017-10689.yml
16
reference_url https://github.com/advisories/GHSA-vw22-465p-8j5w
reference_id GHSA-vw22-465p-8j5w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vw22-465p-8j5w
17
reference_url https://usn.ubuntu.com/USN-4804-1/
reference_id USN-USN-4804-1
reference_type
scores
url https://usn.ubuntu.com/USN-4804-1/
fixed_packages
0
url pkg:gem/puppet@4.10.10
purl pkg:gem/puppet@4.10.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5qhd-8wfe-27dy
1
vulnerability VCID-8xgm-pabz-hkeg
2
vulnerability VCID-h88b-abes-3bgr
3
vulnerability VCID-jhkk-5euf-uked
4
vulnerability VCID-kt2h-k72f-tqc7
5
vulnerability VCID-qdsk-m9ye-z3a4
6
vulnerability VCID-s94z-5sd6-33dk
7
vulnerability VCID-ww8x-tzxr-4qbn
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/puppet@4.10.10
1
url pkg:gem/puppet@5.3.4
purl pkg:gem/puppet@5.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5qhd-8wfe-27dy
1
vulnerability VCID-8xgm-pabz-hkeg
2
vulnerability VCID-h88b-abes-3bgr
3
vulnerability VCID-jhkk-5euf-uked
4
vulnerability VCID-kt2h-k72f-tqc7
5
vulnerability VCID-qdsk-m9ye-z3a4
6
vulnerability VCID-s94z-5sd6-33dk
7
vulnerability VCID-ww8x-tzxr-4qbn
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/puppet@5.3.4
aliases CVE-2017-10689, GHSA-vw22-465p-8j5w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8xgm-pabz-hkeg
6
url VCID-h88b-abes-3bgr
vulnerability_id VCID-h88b-abes-3bgr
summary 
Puppet Denial of Service and Arbitrary File Write
Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream that triggers a thread block, as demonstrated using CVE-2012-1986 and /dev/random; or (2) cause a denial of service (filesystem consumption) via crafted REST requests that use "a marshaled form of a Puppet::FileBucket::File object" to write to arbitrary file locations.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1987.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1987.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-1987
reference_id
reference_type
scores
0
value 0.00763
scoring_system epss
scoring_elements 0.73429
published_at 2026-04-11T12:55:00Z
1
value 0.00763
scoring_system epss
scoring_elements 0.73406
published_at 2026-04-09T12:55:00Z
2
value 0.00763
scoring_system epss
scoring_elements 0.73392
published_at 2026-04-08T12:55:00Z
3
value 0.00763
scoring_system epss
scoring_elements 0.73355
published_at 2026-04-07T12:55:00Z
4
value 0.00763
scoring_system epss
scoring_elements 0.73409
published_at 2026-04-12T12:55:00Z
5
value 0.00763
scoring_system epss
scoring_elements 0.7336
published_at 2026-04-02T12:55:00Z
6
value 0.00763
scoring_system epss
scoring_elements 0.73351
published_at 2026-04-01T12:55:00Z
7
value 0.00763
scoring_system epss
scoring_elements 0.73401
published_at 2026-04-13T12:55:00Z
8
value 0.00763
scoring_system epss
scoring_elements 0.73384
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-1987
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1987
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1987
6
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/74794
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/74794
7
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
8
reference_url https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc
9
reference_url https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14
10
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1987.yml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1987.yml
11
reference_url https://hermes.opensuse.org/messages/14523305
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://hermes.opensuse.org/messages/14523305
12
reference_url https://hermes.opensuse.org/messages/15087408
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://hermes.opensuse.org/messages/15087408
13
reference_url https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975
14
reference_url https://web.archive.org/web/20120513213318/http://projects.puppetlabs.com/issues/13553
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120513213318/http://projects.puppetlabs.com/issues/13553
15
reference_url https://web.archive.org/web/20120513224202/http://projects.puppetlabs.com/issues/13552
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120513224202/http://projects.puppetlabs.com/issues/13552
16
reference_url https://web.archive.org/web/20121005145241/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20121005145241/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
17
reference_url https://web.archive.org/web/20160808163232/https://puppet.com/security/cve/cve-2012-1987
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20160808163232/https://puppet.com/security/cve/cve-2012-1987
18
reference_url http://ubuntu.com/usn/usn-1419-1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://ubuntu.com/usn/usn-1419-1
19
reference_url http://www.debian.org/security/2012/dsa-2451
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2012/dsa-2451
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=810070
reference_id 810070
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=810070
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-1987
reference_id CVE-2012-1987
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-1987
22
reference_url https://web.archive.org/web/20160808163232/https://puppet.com/security/cve/cve-2012-1987/
reference_id CVE-2012-1987
reference_type
scores
url https://web.archive.org/web/20160808163232/https://puppet.com/security/cve/cve-2012-1987/
23
reference_url https://github.com/advisories/GHSA-v58w-6xc2-w799
reference_id GHSA-v58w-6xc2-w799
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-v58w-6xc2-w799
24
reference_url https://security.gentoo.org/glsa/201208-02
reference_id GLSA-201208-02
reference_type
scores
url https://security.gentoo.org/glsa/201208-02
25
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
26
reference_url https://usn.ubuntu.com/1419-1/
reference_id USN-1419-1
reference_type
scores
url https://usn.ubuntu.com/1419-1/
fixed_packages
aliases CVE-2012-1987, GHSA-v58w-6xc2-w799
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h88b-abes-3bgr
7
url VCID-jhkk-5euf-uked
vulnerability_id VCID-jhkk-5euf-uked
summary 
Improper Link Resolution Before File Access ('Link Following')
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file.
references
0
reference_url http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html
3
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3869.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3869.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-3869
reference_id
reference_type
scores
0
value 0.00042
scoring_system epss
scoring_elements 0.12885
published_at 2026-04-09T12:55:00Z
1
value 0.00042
scoring_system epss
scoring_elements 0.12834
published_at 2026-04-08T12:55:00Z
2
value 0.00042
scoring_system epss
scoring_elements 0.12754
published_at 2026-04-07T12:55:00Z
3
value 0.00042
scoring_system epss
scoring_elements 0.12951
published_at 2026-04-04T12:55:00Z
4
value 0.00042
scoring_system epss
scoring_elements 0.12803
published_at 2026-04-01T12:55:00Z
5
value 0.00042
scoring_system epss
scoring_elements 0.12768
published_at 2026-04-13T12:55:00Z
6
value 0.00042
scoring_system epss
scoring_elements 0.12813
published_at 2026-04-12T12:55:00Z
7
value 0.00042
scoring_system epss
scoring_elements 0.12851
published_at 2026-04-11T12:55:00Z
8
value 0.00042
scoring_system epss
scoring_elements 0.12901
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-3869
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3869
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3869
7
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
8
reference_url https://github.com/puppetlabs/puppet/commit/2775c21ae48e189950dbea5e7b4d1d9fa2aca41c
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/2775c21ae48e189950dbea5e7b4d1d9fa2aca41c
9
reference_url https://github.com/puppetlabs/puppet/commit/7d4c169df84fc7bbeb2941bf995a63470f71bdbd
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/7d4c169df84fc7bbeb2941bf995a63470f71bdbd
10
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-3869.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-3869.yml
11
reference_url http://www.debian.org/security/2011/dsa-2314
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2011/dsa-2314
12
reference_url http://www.ubuntu.com/usn/USN-1223-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1223-1
13
reference_url http://www.ubuntu.com/usn/USN-1223-2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1223-2
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=742645
reference_id 742645
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=742645
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-3869
reference_id CVE-2011-3869
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-3869
16
reference_url https://puppet.com/security/cve/cve-2011-3869
reference_id CVE-2011-3869
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://puppet.com/security/cve/cve-2011-3869
17
reference_url https://github.com/advisories/GHSA-8c56-v25w-f89c
reference_id GHSA-8c56-v25w-f89c
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8c56-v25w-f89c
18
reference_url https://security.gentoo.org/glsa/201203-03
reference_id GLSA-201203-03
reference_type
scores
url https://security.gentoo.org/glsa/201203-03
19
reference_url https://usn.ubuntu.com/1223-1/
reference_id USN-1223-1
reference_type
scores
url https://usn.ubuntu.com/1223-1/
fixed_packages
aliases CVE-2011-3869, GHSA-8c56-v25w-f89c
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jhkk-5euf-uked
8
url VCID-kt2h-k72f-tqc7
vulnerability_id VCID-kt2h-k72f-tqc7
summary 
Improper Neutralization of Special Elements used in a Command ('Command Injection')
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by creating a file whose full pathname contains shell metacharacters, then performing a filebucket request.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html
3
reference_url http://projects.puppetlabs.com/issues/13518
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://projects.puppetlabs.com/issues/13518
4
reference_url http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
5
reference_url http://puppetlabs.com/security/cve/cve-2012-1988
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://puppetlabs.com/security/cve/cve-2012-1988
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1988.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1988.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-1988
reference_id
reference_type
scores
0
value 0.00492
scoring_system epss
scoring_elements 0.65653
published_at 2026-04-13T12:55:00Z
1
value 0.00492
scoring_system epss
scoring_elements 0.65568
published_at 2026-04-01T12:55:00Z
2
value 0.00492
scoring_system epss
scoring_elements 0.65616
published_at 2026-04-02T12:55:00Z
3
value 0.00492
scoring_system epss
scoring_elements 0.65646
published_at 2026-04-04T12:55:00Z
4
value 0.00492
scoring_system epss
scoring_elements 0.65612
published_at 2026-04-07T12:55:00Z
5
value 0.00492
scoring_system epss
scoring_elements 0.65664
published_at 2026-04-08T12:55:00Z
6
value 0.00492
scoring_system epss
scoring_elements 0.65676
published_at 2026-04-09T12:55:00Z
7
value 0.00492
scoring_system epss
scoring_elements 0.65696
published_at 2026-04-11T12:55:00Z
8
value 0.00492
scoring_system epss
scoring_elements 0.65682
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-1988
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1988
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1988
9
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/74796
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/74796
10
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
11
reference_url https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc
12
reference_url https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14
13
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1988.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1988.yml
14
reference_url https://hermes.opensuse.org/messages/14523305
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://hermes.opensuse.org/messages/14523305
15
reference_url https://hermes.opensuse.org/messages/15087408
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://hermes.opensuse.org/messages/15087408
16
reference_url https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975
17
reference_url https://web.archive.org/web/20120513213112/http://projects.puppetlabs.com/issues/13518
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120513213112/http://projects.puppetlabs.com/issues/13518
18
reference_url https://web.archive.org/web/20120816020421/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120816020421/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
19
reference_url https://web.archive.org/web/20121013181707/http://puppetlabs.com/security/cve/cve-2012-1988
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20121013181707/http://puppetlabs.com/security/cve/cve-2012-1988
20
reference_url https://web.archive.org/web/20121025112409/http://secunia.com/advisories/48789
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20121025112409/http://secunia.com/advisories/48789
21
reference_url https://web.archive.org/web/20121025113446/http://secunia.com/advisories/48748
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20121025113446/http://secunia.com/advisories/48748
22
reference_url https://web.archive.org/web/20121025194830/http://secunia.com/advisories/49136
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20121025194830/http://secunia.com/advisories/49136
23
reference_url https://web.archive.org/web/20121025194938/http://secunia.com/advisories/48743
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20121025194938/http://secunia.com/advisories/48743
24
reference_url https://web.archive.org/web/20121031092646/http://www.securityfocus.com/bid/52975
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20121031092646/http://www.securityfocus.com/bid/52975
25
reference_url http://ubuntu.com/usn/usn-1419-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://ubuntu.com/usn/usn-1419-1
26
reference_url http://www.debian.org/security/2012/dsa-2451
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2012/dsa-2451
27
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=810071
reference_id 810071
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=810071
28
reference_url http://puppetlabs.com/security/cve/cve-2012-1988/
reference_id CVE-2012-1988
reference_type
scores
url http://puppetlabs.com/security/cve/cve-2012-1988/
29
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-1988
reference_id CVE-2012-1988
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-1988
30
reference_url https://web.archive.org/web/20121013181707/http://puppetlabs.com/security/cve/cve-2012-1988/
reference_id CVE-2012-1988
reference_type
scores
url https://web.archive.org/web/20121013181707/http://puppetlabs.com/security/cve/cve-2012-1988/
31
reference_url https://github.com/advisories/GHSA-6xxq-j39w-g3f6
reference_id GHSA-6xxq-j39w-g3f6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6xxq-j39w-g3f6
32
reference_url https://security.gentoo.org/glsa/201208-02
reference_id GLSA-201208-02
reference_type
scores
url https://security.gentoo.org/glsa/201208-02
33
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
34
reference_url https://usn.ubuntu.com/1419-1/
reference_id USN-1419-1
reference_type
scores
url https://usn.ubuntu.com/1419-1/
fixed_packages
aliases CVE-2012-1988, GHSA-6xxq-j39w-g3f6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kt2h-k72f-tqc7
9
url VCID-pdpa-qfpq-zkcq
vulnerability_id VCID-pdpa-qfpq-zkcq
summary 
Improper Input Validation
Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to "serialized attributes."
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html
1
reference_url http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-1655
reference_id
reference_type
scores
0
value 0.00634
scoring_system epss
scoring_elements 0.70391
published_at 2026-04-12T12:55:00Z
1
value 0.00634
scoring_system epss
scoring_elements 0.70406
published_at 2026-04-11T12:55:00Z
2
value 0.00634
scoring_system epss
scoring_elements 0.70382
published_at 2026-04-09T12:55:00Z
3
value 0.00634
scoring_system epss
scoring_elements 0.70367
published_at 2026-04-08T12:55:00Z
4
value 0.00634
scoring_system epss
scoring_elements 0.70322
published_at 2026-04-07T12:55:00Z
5
value 0.00634
scoring_system epss
scoring_elements 0.70344
published_at 2026-04-04T12:55:00Z
6
value 0.00634
scoring_system epss
scoring_elements 0.70315
published_at 2026-04-01T12:55:00Z
7
value 0.00634
scoring_system epss
scoring_elements 0.70328
published_at 2026-04-02T12:55:00Z
8
value 0.00634
scoring_system epss
scoring_elements 0.70376
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-1655
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1655
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1655
4
reference_url http://secunia.com/advisories/52596
reference_id
reference_type
scores
url http://secunia.com/advisories/52596
5
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2013-1655.yml
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2013-1655.yml
7
reference_url https://puppetlabs.com/security/cve/cve-2013-1655
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://puppetlabs.com/security/cve/cve-2013-1655
8
reference_url https://web.archive.org/web/20200228144801/http://www.securityfocus.com/bid/58442
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228144801/http://www.securityfocus.com/bid/58442
9
reference_url https://www.puppet.com/security/cve/cve-2013-1655-unauthenticated-remote-code-execution-vulnerability
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.puppet.com/security/cve/cve-2013-1655-unauthenticated-remote-code-execution-vulnerability
10
reference_url http://ubuntu.com/usn/usn-1759-1
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://ubuntu.com/usn/usn-1759-1
11
reference_url http://www.debian.org/security/2013/dsa-2643
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2013/dsa-2643
12
reference_url http://www.securityfocus.com/bid/58442
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/58442
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*
reference_id cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*
34
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*
35
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*
reference_id cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*
36
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*
37
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*
38
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*
39
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*
reference_id cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*
40
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*
reference_id cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*
41
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*
reference_id cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*
42
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p286:*:*:*:*:*:*
reference_id cpe:2.3:a:ruby-lang:ruby:1.9.3:p286:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p286:*:*:*:*:*:*
43
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p383:*:*:*:*:*:*
reference_id cpe:2.3:a:ruby-lang:ruby:1.9.3:p383:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p383:*:*:*:*:*:*
44
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*
45
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*
46
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1:*:*:*:*:*:*
reference_id cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1:*:*:*:*:*:*
47
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2:*:*:*:*:*:*
reference_id cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2:*:*:*:*:*:*
48
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-1655
reference_id CVE-2013-1655
reference_type
scores
0
value 7.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-1655
49
reference_url https://puppetlabs.com/security/cve/cve-2013-1655/
reference_id CVE-2013-1655
reference_type
scores
url https://puppetlabs.com/security/cve/cve-2013-1655/
50
reference_url https://github.com/advisories/GHSA-574q-fxfj-wv6h
reference_id GHSA-574q-fxfj-wv6h
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-574q-fxfj-wv6h
51
reference_url https://security.gentoo.org/glsa/201308-04
reference_id GLSA-201308-04
reference_type
scores
url https://security.gentoo.org/glsa/201308-04
52
reference_url https://usn.ubuntu.com/1759-1/
reference_id USN-1759-1
reference_type
scores
url https://usn.ubuntu.com/1759-1/
fixed_packages
aliases CVE-2013-1655, GHSA-574q-fxfj-wv6h
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pdpa-qfpq-zkcq
10
url VCID-pgg8-9sk2-57ee
vulnerability_id VCID-pgg8-9sk2-57ee
summary 
Low severity vulnerability that affects puppet
telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log (/tmp/out.log).
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2012-05/msg00012.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2012-05/msg00012.html
1
reference_url http://projects.puppetlabs.com/issues/13606
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://projects.puppetlabs.com/issues/13606
2
reference_url http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.7.13
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.7.13
3
reference_url http://puppetlabs.com/security/cve/cve-2012-1989
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://puppetlabs.com/security/cve/cve-2012-1989
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1989.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1989.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-1989
reference_id
reference_type
scores
0
value 0.00058
scoring_system epss
scoring_elements 0.18333
published_at 2026-04-09T12:55:00Z
1
value 0.00058
scoring_system epss
scoring_elements 0.1828
published_at 2026-04-08T12:55:00Z
2
value 0.00058
scoring_system epss
scoring_elements 0.18433
published_at 2026-04-02T12:55:00Z
3
value 0.00058
scoring_system epss
scoring_elements 0.18236
published_at 2026-04-13T12:55:00Z
4
value 0.00058
scoring_system epss
scoring_elements 0.18287
published_at 2026-04-12T12:55:00Z
5
value 0.00058
scoring_system epss
scoring_elements 0.18335
published_at 2026-04-11T12:55:00Z
6
value 0.00058
scoring_system epss
scoring_elements 0.18282
published_at 2026-04-01T12:55:00Z
7
value 0.00058
scoring_system epss
scoring_elements 0.18487
published_at 2026-04-04T12:55:00Z
8
value 0.00058
scoring_system epss
scoring_elements 0.18196
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-1989
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1989
7
reference_url http://secunia.com/advisories/48743
reference_id
reference_type
scores
url http://secunia.com/advisories/48743
8
reference_url http://secunia.com/advisories/48748
reference_id
reference_type
scores
url http://secunia.com/advisories/48748
9
reference_url http://secunia.com/advisories/49136
reference_id
reference_type
scores
url http://secunia.com/advisories/49136
10
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/74797
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/74797
11
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
12
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1989.yml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1989.yml
13
reference_url https://hermes.opensuse.org/messages/15087408
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://hermes.opensuse.org/messages/15087408
14
reference_url https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975
15
reference_url https://www.puppet.com/security/cve/cve-2012-1989-arbitrary-file-write-access
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://www.puppet.com/security/cve/cve-2012-1989-arbitrary-file-write-access
16
reference_url http://ubuntu.com/usn/usn-1419-1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://ubuntu.com/usn/usn-1419-1
17
reference_url http://www.securityfocus.com/bid/52975
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/52975
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=837339
reference_id 837339
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=837339
19
reference_url http://puppetlabs.com/security/cve/cve-2012-1989/
reference_id CVE-2012-1989
reference_type
scores
url http://puppetlabs.com/security/cve/cve-2012-1989/
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-1989
reference_id CVE-2012-1989
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-1989
21
reference_url https://github.com/advisories/GHSA-c5qq-g673-5p49
reference_id GHSA-c5qq-g673-5p49
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c5qq-g673-5p49
22
reference_url https://security.gentoo.org/glsa/201208-02
reference_id GLSA-201208-02
reference_type
scores
url https://security.gentoo.org/glsa/201208-02
23
reference_url https://usn.ubuntu.com/1419-1/
reference_id USN-1419-1
reference_type
scores
url https://usn.ubuntu.com/1419-1/
fixed_packages
aliases CVE-2012-1989, GHSA-c5qq-g673-5p49
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pgg8-9sk2-57ee
11
url VCID-qdsk-m9ye-z3a4
vulnerability_id VCID-qdsk-m9ye-z3a4
summary 
Unsafe HTTP Redirect in Puppet Agent and Puppet Server
A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27023.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27023.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-27023
reference_id
reference_type
scores
0
value 0.00397
scoring_system epss
scoring_elements 0.60563
published_at 2026-04-13T12:55:00Z
1
value 0.00397
scoring_system epss
scoring_elements 0.60584
published_at 2026-04-12T12:55:00Z
2
value 0.00397
scoring_system epss
scoring_elements 0.60598
published_at 2026-04-11T12:55:00Z
3
value 0.00397
scoring_system epss
scoring_elements 0.60577
published_at 2026-04-09T12:55:00Z
4
value 0.00397
scoring_system epss
scoring_elements 0.60441
published_at 2026-04-01T12:55:00Z
5
value 0.00397
scoring_system epss
scoring_elements 0.60512
published_at 2026-04-07T12:55:00Z
6
value 0.00397
scoring_system epss
scoring_elements 0.60543
published_at 2026-04-04T12:55:00Z
7
value 0.00397
scoring_system epss
scoring_elements 0.60516
published_at 2026-04-02T12:55:00Z
8
value 0.00397
scoring_system epss
scoring_elements 0.60561
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-27023
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27023
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27023
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2021-27023.yml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2021-27023.yml
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7/
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2023859
reference_id 2023859
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2023859
9
reference_url https://security.archlinux.org/AVG-2541
reference_id AVG-2541
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2541
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-27023
reference_id CVE-2021-27023
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-27023
11
reference_url https://puppet.com/security/cve/CVE-2021-27023
reference_id CVE-2021-27023
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://puppet.com/security/cve/CVE-2021-27023
12
reference_url https://github.com/advisories/GHSA-93j5-g845-9wqp
reference_id GHSA-93j5-g845-9wqp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-93j5-g845-9wqp
13
reference_url https://access.redhat.com/errata/RHSA-2022:1478
reference_id RHSA-2022:1478
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1478
14
reference_url https://access.redhat.com/errata/RHSA-2022:1708
reference_id RHSA-2022:1708
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1708
15
reference_url https://access.redhat.com/errata/RHSA-2022:4866
reference_id RHSA-2022:4866
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4866
16
reference_url https://access.redhat.com/errata/RHSA-2022:4867
reference_id RHSA-2022:4867
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4867
fixed_packages
0
url pkg:gem/puppet@6.25.1
purl pkg:gem/puppet@6.25.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5qhd-8wfe-27dy
1
vulnerability VCID-8xgm-pabz-hkeg
2
vulnerability VCID-h88b-abes-3bgr
3
vulnerability VCID-jhkk-5euf-uked
4
vulnerability VCID-kt2h-k72f-tqc7
5
vulnerability VCID-qdsk-m9ye-z3a4
6
vulnerability VCID-s94z-5sd6-33dk
7
vulnerability VCID-ww8x-tzxr-4qbn
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/puppet@6.25.1
1
url pkg:gem/puppet@7.12.1
purl pkg:gem/puppet@7.12.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5qhd-8wfe-27dy
1
vulnerability VCID-8xgm-pabz-hkeg
2
vulnerability VCID-h88b-abes-3bgr
3
vulnerability VCID-jhkk-5euf-uked
4
vulnerability VCID-kt2h-k72f-tqc7
5
vulnerability VCID-qdsk-m9ye-z3a4
6
vulnerability VCID-s94z-5sd6-33dk
7
vulnerability VCID-ww8x-tzxr-4qbn
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/puppet@7.12.1
aliases CVE-2021-27023, GHSA-93j5-g845-9wqp
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qdsk-m9ye-z3a4
12
url VCID-s94z-5sd6-33dk
vulnerability_id VCID-s94z-5sd6-33dk
summary 
Silent Configuration Failure in Puppet Agent
A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27025.json
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27025.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-27025
reference_id
reference_type
scores
0
value 0.00531
scoring_system epss
scoring_elements 0.67253
published_at 2026-04-13T12:55:00Z
1
value 0.00531
scoring_system epss
scoring_elements 0.67288
published_at 2026-04-12T12:55:00Z
2
value 0.00531
scoring_system epss
scoring_elements 0.67301
published_at 2026-04-11T12:55:00Z
3
value 0.00531
scoring_system epss
scoring_elements 0.67282
published_at 2026-04-09T12:55:00Z
4
value 0.00531
scoring_system epss
scoring_elements 0.67268
published_at 2026-04-08T12:55:00Z
5
value 0.00531
scoring_system epss
scoring_elements 0.6724
published_at 2026-04-04T12:55:00Z
6
value 0.00531
scoring_system epss
scoring_elements 0.67216
published_at 2026-04-07T12:55:00Z
7
value 0.00531
scoring_system epss
scoring_elements 0.67179
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-27025
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27025
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27025
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2021-27025.yml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2021-27025.yml
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7/
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014772
reference_id 1014772
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014772
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2023853
reference_id 2023853
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2023853
10
reference_url https://security.archlinux.org/AVG-2541
reference_id AVG-2541
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2541
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-27025
reference_id CVE-2021-27025
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-27025
12
reference_url https://puppet.com/security/cve/cve-2021-27025
reference_id CVE-2021-27025
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://puppet.com/security/cve/cve-2021-27025
13
reference_url https://github.com/advisories/GHSA-q4g7-jrxv-67r9
reference_id GHSA-q4g7-jrxv-67r9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q4g7-jrxv-67r9
14
reference_url https://access.redhat.com/errata/RHSA-2022:1708
reference_id RHSA-2022:1708
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1708
15
reference_url https://access.redhat.com/errata/RHSA-2022:4866
reference_id RHSA-2022:4866
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4866
16
reference_url https://access.redhat.com/errata/RHSA-2022:4867
reference_id RHSA-2022:4867
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4867
17
reference_url https://access.redhat.com/errata/RHSA-2022:8846
reference_id RHSA-2022:8846
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8846
18
reference_url https://access.redhat.com/errata/RHSA-2022:8862
reference_id RHSA-2022:8862
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8862
fixed_packages
0
url pkg:gem/puppet@6.25.1
purl pkg:gem/puppet@6.25.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5qhd-8wfe-27dy
1
vulnerability VCID-8xgm-pabz-hkeg
2
vulnerability VCID-h88b-abes-3bgr
3
vulnerability VCID-jhkk-5euf-uked
4
vulnerability VCID-kt2h-k72f-tqc7
5
vulnerability VCID-qdsk-m9ye-z3a4
6
vulnerability VCID-s94z-5sd6-33dk
7
vulnerability VCID-ww8x-tzxr-4qbn
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/puppet@6.25.1
1
url pkg:gem/puppet@7.12.1
purl pkg:gem/puppet@7.12.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5qhd-8wfe-27dy
1
vulnerability VCID-8xgm-pabz-hkeg
2
vulnerability VCID-h88b-abes-3bgr
3
vulnerability VCID-jhkk-5euf-uked
4
vulnerability VCID-kt2h-k72f-tqc7
5
vulnerability VCID-qdsk-m9ye-z3a4
6
vulnerability VCID-s94z-5sd6-33dk
7
vulnerability VCID-ww8x-tzxr-4qbn
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/puppet@7.12.1
aliases CVE-2021-27025, GHSA-q4g7-jrxv-67r9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s94z-5sd6-33dk
13
url VCID-vgbw-4yuu-57fz
vulnerability_id VCID-vgbw-4yuu-57fz
summary 
Low severity vulnerability that affects puppet
lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for last_run_report.yaml, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master server to read this file.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html
1
reference_url http://puppetlabs.com/security/cve/cve-2012-3866
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://puppetlabs.com/security/cve/cve-2012-3866
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-3866
reference_id
reference_type
scores
0
value 0.0005
scoring_system epss
scoring_elements 0.15657
published_at 2026-04-12T12:55:00Z
1
value 0.0005
scoring_system epss
scoring_elements 0.15692
published_at 2026-04-11T12:55:00Z
2
value 0.0005
scoring_system epss
scoring_elements 0.15725
published_at 2026-04-09T12:55:00Z
3
value 0.0005
scoring_system epss
scoring_elements 0.15666
published_at 2026-04-08T12:55:00Z
4
value 0.0005
scoring_system epss
scoring_elements 0.1558
published_at 2026-04-07T12:55:00Z
5
value 0.0005
scoring_system epss
scoring_elements 0.15712
published_at 2026-04-02T12:55:00Z
6
value 0.0005
scoring_system epss
scoring_elements 0.15593
published_at 2026-04-13T12:55:00Z
7
value 0.0005
scoring_system epss
scoring_elements 0.15674
published_at 2026-04-01T12:55:00Z
8
value 0.0005
scoring_system epss
scoring_elements 0.15776
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-3866
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=839135
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=839135
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3866
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3866
5
reference_url http://secunia.com/advisories/50014
reference_id
reference_type
scores
url http://secunia.com/advisories/50014
6
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
7
reference_url https://github.com/puppetlabs/puppet/commit/fd44bf5e6d0d360f6a493d663b653c121fa83c3f
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/fd44bf5e6d0d360f6a493d663b653c121fa83c3f
8
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3866.yml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3866.yml
9
reference_url https://www.puppet.com/security/cve/cve-2012-3866-lastrunreportyaml-world-readable
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://www.puppet.com/security/cve/cve-2012-3866-lastrunreportyaml-world-readable
10
reference_url http://www.debian.org/security/2012/dsa-2511
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2012/dsa-2511
11
reference_url http://www.ubuntu.com/usn/USN-1506-1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1506-1
12
reference_url http://puppetlabs.com/security/cve/cve-2012-3866/
reference_id CVE-2012-3866
reference_type
scores
url http://puppetlabs.com/security/cve/cve-2012-3866/
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-3866
reference_id CVE-2012-3866
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-3866
14
reference_url https://github.com/advisories/GHSA-8jxj-9r5f-w3m2
reference_id GHSA-8jxj-9r5f-w3m2
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8jxj-9r5f-w3m2
15
reference_url https://usn.ubuntu.com/1506-1/
reference_id USN-1506-1
reference_type
scores
url https://usn.ubuntu.com/1506-1/
fixed_packages
aliases CVE-2012-3866, GHSA-8jxj-9r5f-w3m2
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vgbw-4yuu-57fz
14
url VCID-wage-71h9-6qay
vulnerability_id VCID-wage-71h9-6qay
summary 
Moderate severity vulnerability that affects puppet
lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html
1
reference_url http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html
2
reference_url http://puppetlabs.com/security/cve/cve-2012-3867
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://puppetlabs.com/security/cve/cve-2012-3867
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3867.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3867.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-3867
reference_id
reference_type
scores
0
value 0.01418
scoring_system epss
scoring_elements 0.80592
published_at 2026-04-11T12:55:00Z
1
value 0.01418
scoring_system epss
scoring_elements 0.80575
published_at 2026-04-09T12:55:00Z
2
value 0.01418
scoring_system epss
scoring_elements 0.80565
published_at 2026-04-08T12:55:00Z
3
value 0.01418
scoring_system epss
scoring_elements 0.80516
published_at 2026-04-01T12:55:00Z
4
value 0.01418
scoring_system epss
scoring_elements 0.80571
published_at 2026-04-13T12:55:00Z
5
value 0.01418
scoring_system epss
scoring_elements 0.80578
published_at 2026-04-12T12:55:00Z
6
value 0.01418
scoring_system epss
scoring_elements 0.80544
published_at 2026-04-04T12:55:00Z
7
value 0.01418
scoring_system epss
scoring_elements 0.80522
published_at 2026-04-02T12:55:00Z
8
value 0.01418
scoring_system epss
scoring_elements 0.80536
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-3867
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=839158
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=839158
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3867
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3867
7
reference_url http://secunia.com/advisories/50014
reference_id
reference_type
scores
url http://secunia.com/advisories/50014
8
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
9
reference_url https://github.com/puppetlabs/puppet/commit/dfedaa5fa841ccf335245a748b347b7c7c236640
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/dfedaa5fa841ccf335245a748b347b7c7c236640
10
reference_url https://github.com/puppetlabs/puppet/commit/f3419620b42080dad3b0be14470b20a972f13c50
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/f3419620b42080dad3b0be14470b20a972f13c50
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3867.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3867.yml
12
reference_url https://www.puppet.com/security/cve/cve-2012-3867-insufficient-input-validation
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.puppet.com/security/cve/cve-2012-3867-insufficient-input-validation
13
reference_url http://www.debian.org/security/2012/dsa-2511
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2012/dsa-2511
14
reference_url http://www.ubuntu.com/usn/USN-1506-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1506-1
15
reference_url http://puppetlabs.com/security/cve/cve-2012-3867/
reference_id CVE-2012-3867
reference_type
scores
url http://puppetlabs.com/security/cve/cve-2012-3867/
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-3867
reference_id CVE-2012-3867
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-3867
17
reference_url https://github.com/advisories/GHSA-q44r-f2hm-v76v
reference_id GHSA-q44r-f2hm-v76v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q44r-f2hm-v76v
18
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
19
reference_url https://usn.ubuntu.com/1506-1/
reference_id USN-1506-1
reference_type
scores
url https://usn.ubuntu.com/1506-1/
fixed_packages
aliases CVE-2012-3867, GHSA-q44r-f2hm-v76v
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wage-71h9-6qay
15
url VCID-ww8x-tzxr-4qbn
vulnerability_id VCID-ww8x-tzxr-4qbn
summary 
Improper Link Resolution Before File Access ('Link Following')
Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/daemonout, (2) /tmp/puppetdoc.txt, (3) /tmp/puppetdoc.tex, or (4) /tmp/puppetdoc.aux temporary file.
references
0
reference_url http://groups.google.com/group/puppet-announce/browse_thread/thread/4401823f6cbf6087
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/puppet-announce/browse_thread/thread/4401823f6cbf6087
1
reference_url http://groups.google.com/group/puppet-announce/browse_thread/thread/73cd1b2896d986c2
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/puppet-announce/browse_thread/thread/73cd1b2896d986c2
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036083.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036083.html
3
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036166.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036166.html
4
reference_url http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2010-0156
reference_id
reference_type
scores
0
value 0.00042
scoring_system epss
scoring_elements 0.1275
published_at 2026-04-13T12:55:00Z
1
value 0.00042
scoring_system epss
scoring_elements 0.12785
published_at 2026-04-01T12:55:00Z
2
value 0.00042
scoring_system epss
scoring_elements 0.12883
published_at 2026-04-02T12:55:00Z
3
value 0.00042
scoring_system epss
scoring_elements 0.12933
published_at 2026-04-04T12:55:00Z
4
value 0.00042
scoring_system epss
scoring_elements 0.12736
published_at 2026-04-07T12:55:00Z
5
value 0.00042
scoring_system epss
scoring_elements 0.12816
published_at 2026-04-08T12:55:00Z
6
value 0.00042
scoring_system epss
scoring_elements 0.12867
published_at 2026-04-09T12:55:00Z
7
value 0.00042
scoring_system epss
scoring_elements 0.12833
published_at 2026-04-11T12:55:00Z
8
value 0.00042
scoring_system epss
scoring_elements 0.12795
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2010-0156
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=502881
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=502881
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0156
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0156
8
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
9
reference_url https://github.com/puppetlabs/puppet/commit/0aae57f91dc69b22fb674f8de3a13c22edd07128
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/0aae57f91dc69b22fb674f8de3a13c22edd07128
10
reference_url https://github.com/puppetlabs/puppet/commit/6111ba80f2c6f6d1541af971f565119e6e03d77d
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/6111ba80f2c6f6d1541af971f565119e6e03d77d
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2010-0156.yml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2010-0156.yml
12
reference_url https://web.archive.org/web/20100316113904/http://secunia.com/advisories/38766
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20100316113904/http://secunia.com/advisories/38766
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2010-0156
reference_id CVE-2010-0156
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2010-0156
14
reference_url https://puppet.com/security/cve/cve-2010-0156
reference_id CVE-2010-0156
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://puppet.com/security/cve/cve-2010-0156
15
reference_url https://github.com/advisories/GHSA-vrh7-99jh-3fmm
reference_id GHSA-vrh7-99jh-3fmm
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vrh7-99jh-3fmm
16
reference_url https://security.gentoo.org/glsa/201203-03
reference_id GLSA-201203-03
reference_type
scores
url https://security.gentoo.org/glsa/201203-03
17
reference_url https://usn.ubuntu.com/917-1/
reference_id USN-917-1
reference_type
scores
url https://usn.ubuntu.com/917-1/
fixed_packages
aliases CVE-2010-0156, GHSA-vrh7-99jh-3fmm
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ww8x-tzxr-4qbn
Fixing_vulnerabilities
Risk_score4.4
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:gem/puppet@3.5.0.rc3