Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/161630?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/161630?format=api", "purl": "pkg:gem/puppet@3.5.0.rc2", "type": "gem", "namespace": "", "name": "puppet", "version": "3.5.0.rc2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39057?format=api", "vulnerability_id": "VCID-38dv-ps67-r7f7", "summary": "Moderate severity vulnerability that affects puppet\nUnspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service. NOTE: this vulnerability can only be exploited utilizing unspecified \"local file system access\" to the Puppet Master.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00009.html" }, { "reference_url": "http://puppetlabs.com/security/cve/cve-2013-4761", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://puppetlabs.com/security/cve/cve-2013-4761" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1283.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1283.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1284.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1284.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4761.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4761.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4761", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.70463", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0062", "scoring_system": "epss", "scoring_elements": "0.70422", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4761" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4761", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4761" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4956", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4956" }, { "reference_url": "https://github.com/puppetlabs/puppet", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2013-4761.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2013-4761.yml" }, { "reference_url": "https://www.puppet.com/security/cve/cve-2013-4761-resourcetype-remote-code-execution-vulnerability", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.puppet.com/security/cve/cve-2013-4761-resourcetype-remote-code-execution-vulnerability" }, { "reference_url": "http://www.debian.org/security/2013/dsa-2761", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2013/dsa-2761" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=996856", "reference_id": "996856", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=996856" }, { "reference_url": "http://puppetlabs.com/security/cve/cve-2013-4761/", "reference_id": "CVE-2013-4761", "reference_type": "", "scores": [], "url": "http://puppetlabs.com/security/cve/cve-2013-4761/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4761", "reference_id": "CVE-2013-4761", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4761" }, { "reference_url": "https://github.com/advisories/GHSA-cj43-9h3w-v976", "reference_id": "GHSA-cj43-9h3w-v976", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cj43-9h3w-v976" }, { "reference_url": "https://security.gentoo.org/glsa/201308-04", "reference_id": "GLSA-201308-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201308-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1283", "reference_id": "RHSA-2013:1283", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1283" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1284", "reference_id": "RHSA-2013:1284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1284" }, { "reference_url": "https://usn.ubuntu.com/1928-1/", "reference_id": "USN-1928-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1928-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2013-4761", "GHSA-cj43-9h3w-v976" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-38dv-ps67-r7f7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43993?format=api", "vulnerability_id": "VCID-7wuf-dtva-x7ej", "summary": "Improper Link Resolution Before File Access ('Link Following')\nPuppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file.", "references": [ { "reference_url": "http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3869.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3869.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3869", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.13111", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.13189", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3869" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3869", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3869" }, { "reference_url": "https://github.com/puppetlabs/puppet", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet" }, { "reference_url": "https://github.com/puppetlabs/puppet/commit/2775c21ae48e189950dbea5e7b4d1d9fa2aca41c", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commit/2775c21ae48e189950dbea5e7b4d1d9fa2aca41c" }, { "reference_url": "https://github.com/puppetlabs/puppet/commit/7d4c169df84fc7bbeb2941bf995a63470f71bdbd", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commit/7d4c169df84fc7bbeb2941bf995a63470f71bdbd" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-3869.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-3869.yml" }, { "reference_url": "http://www.debian.org/security/2011/dsa-2314", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2011/dsa-2314" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1223-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-1223-1" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1223-2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-1223-2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=742645", "reference_id": "742645", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=742645" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3869", "reference_id": "CVE-2011-3869", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3869" }, { "reference_url": "https://puppet.com/security/cve/cve-2011-3869", "reference_id": "CVE-2011-3869", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://puppet.com/security/cve/cve-2011-3869" }, { "reference_url": "https://github.com/advisories/GHSA-8c56-v25w-f89c", "reference_id": "GHSA-8c56-v25w-f89c", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-8c56-v25w-f89c" }, { "reference_url": "https://security.gentoo.org/glsa/201203-03", "reference_id": "GLSA-201203-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201203-03" }, { "reference_url": "https://usn.ubuntu.com/1223-1/", "reference_id": "USN-1223-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1223-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2011-3869", "GHSA-8c56-v25w-f89c" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7wuf-dtva-x7ej" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7016?format=api", "vulnerability_id": "VCID-8n86-g8a8-f7a9", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27025.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27025.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27025", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00531", "scoring_system": "epss", "scoring_elements": "0.6764", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00531", "scoring_system": "epss", "scoring_elements": "0.67599", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27025" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27025", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27025" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/puppetlabs/puppet", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2021-27025.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2021-27025.yml" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014772", "reference_id": "1014772", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014772" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023853", "reference_id": "2023853", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023853" }, { "reference_url": "https://security.archlinux.org/AVG-2541", "reference_id": "AVG-2541", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2541" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27025", "reference_id": "CVE-2021-27025", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27025" }, { "reference_url": "https://puppet.com/security/cve/cve-2021-27025", "reference_id": "CVE-2021-27025", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://puppet.com/security/cve/cve-2021-27025" }, { "reference_url": "https://github.com/advisories/GHSA-q4g7-jrxv-67r9", "reference_id": "GHSA-q4g7-jrxv-67r9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q4g7-jrxv-67r9" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1708", "reference_id": "RHSA-2022:1708", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1708" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4866", "reference_id": "RHSA-2022:4866", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4866" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4867", "reference_id": "RHSA-2022:4867", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4867" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8846", "reference_id": "RHSA-2022:8846", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8846" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8862", "reference_id": "RHSA-2022:8862", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8862" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59701?format=api", "purl": "pkg:gem/puppet@6.25.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7wuf-dtva-x7ej" }, { "vulnerability": "VCID-8n86-g8a8-f7a9" }, { "vulnerability": "VCID-982t-up4e-t7eg" }, { "vulnerability": "VCID-fjyu-jwpx-sfe5" }, { "vulnerability": "VCID-mn3q-6cs1-ukcq" }, { "vulnerability": "VCID-msp5-ahmq-hbc3" }, { "vulnerability": "VCID-thv1-66q2-uuc9" }, { "vulnerability": "VCID-tstb-eb21-hkhp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/puppet@6.25.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/141223?format=api", "purl": "pkg:gem/puppet@7.12.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7wuf-dtva-x7ej" }, { "vulnerability": "VCID-8n86-g8a8-f7a9" }, { "vulnerability": "VCID-982t-up4e-t7eg" }, { "vulnerability": "VCID-fjyu-jwpx-sfe5" }, { "vulnerability": "VCID-mn3q-6cs1-ukcq" }, { "vulnerability": "VCID-msp5-ahmq-hbc3" }, { "vulnerability": "VCID-thv1-66q2-uuc9" }, { "vulnerability": "VCID-tstb-eb21-hkhp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/puppet@7.12.1" } ], "aliases": [ "CVE-2021-27025", "GHSA-q4g7-jrxv-67r9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8n86-g8a8-f7a9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43199?format=api", "vulnerability_id": "VCID-982t-up4e-t7eg", "summary": "Improper Link Resolution Before File Access ('Link Following')\nPuppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/daemonout, (2) /tmp/puppetdoc.txt, (3) /tmp/puppetdoc.tex, or (4) /tmp/puppetdoc.aux temporary file.", "references": [ { "reference_url": "http://groups.google.com/group/puppet-announce/browse_thread/thread/4401823f6cbf6087", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/puppet-announce/browse_thread/thread/4401823f6cbf6087" }, { "reference_url": "http://groups.google.com/group/puppet-announce/browse_thread/thread/73cd1b2896d986c2", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/puppet-announce/browse_thread/thread/73cd1b2896d986c2" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036083.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036083.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036166.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036166.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0156", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.0938", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09336", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0156" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=502881", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=502881" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0156", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0156" }, { "reference_url": "https://github.com/puppetlabs/puppet", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet" }, { "reference_url": "https://github.com/puppetlabs/puppet/commit/0aae57f91dc69b22fb674f8de3a13c22edd07128", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commit/0aae57f91dc69b22fb674f8de3a13c22edd07128" }, { "reference_url": "https://github.com/puppetlabs/puppet/commit/6111ba80f2c6f6d1541af971f565119e6e03d77d", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commit/6111ba80f2c6f6d1541af971f565119e6e03d77d" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2010-0156.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2010-0156.yml" }, { "reference_url": "https://web.archive.org/web/20100316113904/http://secunia.com/advisories/38766", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20100316113904/http://secunia.com/advisories/38766" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0156", "reference_id": "CVE-2010-0156", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0156" }, { "reference_url": "https://puppet.com/security/cve/cve-2010-0156", "reference_id": "CVE-2010-0156", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://puppet.com/security/cve/cve-2010-0156" }, { "reference_url": "https://github.com/advisories/GHSA-vrh7-99jh-3fmm", "reference_id": "GHSA-vrh7-99jh-3fmm", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vrh7-99jh-3fmm" }, { "reference_url": "https://security.gentoo.org/glsa/201203-03", "reference_id": "GLSA-201203-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201203-03" }, { "reference_url": "https://usn.ubuntu.com/917-1/", "reference_id": "USN-917-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/917-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2010-0156", "GHSA-vrh7-99jh-3fmm" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-982t-up4e-t7eg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39094?format=api", "vulnerability_id": "VCID-ear8-9pcm-zqfz", "summary": "Low severity vulnerability that affects puppet\ntelnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log (/tmp/out.log).", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2012-05/msg00012.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2012-05/msg00012.html" }, { "reference_url": "http://projects.puppetlabs.com/issues/13606", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://projects.puppetlabs.com/issues/13606" }, { "reference_url": "http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.7.13", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.7.13" }, { "reference_url": "http://puppetlabs.com/security/cve/cve-2012-1989", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://puppetlabs.com/security/cve/cve-2012-1989" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1989.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1989.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1989", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.1855", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18472", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1989" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1989", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1989" }, { "reference_url": "http://secunia.com/advisories/48743", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/48743" }, { "reference_url": "http://secunia.com/advisories/48748", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/48748" }, { "reference_url": "http://secunia.com/advisories/49136", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/49136" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74797", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74797" }, { "reference_url": "https://github.com/puppetlabs/puppet", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1989.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1989.yml" }, { "reference_url": "https://hermes.opensuse.org/messages/15087408", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hermes.opensuse.org/messages/15087408" }, { "reference_url": "https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975" }, { "reference_url": "https://www.puppet.com/security/cve/cve-2012-1989-arbitrary-file-write-access", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.puppet.com/security/cve/cve-2012-1989-arbitrary-file-write-access" }, { "reference_url": "http://ubuntu.com/usn/usn-1419-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://ubuntu.com/usn/usn-1419-1" }, { "reference_url": "http://www.securityfocus.com/bid/52975", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/52975" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=837339", "reference_id": "837339", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=837339" }, { "reference_url": "http://puppetlabs.com/security/cve/cve-2012-1989/", "reference_id": "CVE-2012-1989", "reference_type": "", "scores": [], "url": "http://puppetlabs.com/security/cve/cve-2012-1989/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1989", "reference_id": "CVE-2012-1989", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1989" }, { "reference_url": "https://github.com/advisories/GHSA-c5qq-g673-5p49", "reference_id": "GHSA-c5qq-g673-5p49", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c5qq-g673-5p49" }, { "reference_url": "https://security.gentoo.org/glsa/201208-02", "reference_id": "GLSA-201208-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201208-02" }, { "reference_url": "https://usn.ubuntu.com/1419-1/", "reference_id": "USN-1419-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1419-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2012-1989", "GHSA-c5qq-g673-5p49" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ear8-9pcm-zqfz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43816?format=api", "vulnerability_id": "VCID-fjyu-jwpx-sfe5", "summary": "Improper Neutralization of Special Elements used in a Command ('Command Injection')\nPuppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by creating a file whose full pathname contains shell metacharacters, then performing a filebucket request.", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html" }, { "reference_url": "http://projects.puppetlabs.com/issues/13518", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://projects.puppetlabs.com/issues/13518" }, { "reference_url": "http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15" }, { "reference_url": "http://puppetlabs.com/security/cve/cve-2012-1988", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://puppetlabs.com/security/cve/cve-2012-1988" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1988.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1988.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1988", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00492", "scoring_system": "epss", "scoring_elements": "0.66003", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00492", "scoring_system": "epss", "scoring_elements": "0.66055", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1988" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1988", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1988" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74796", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74796" }, { "reference_url": "https://github.com/puppetlabs/puppet", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet" }, { "reference_url": "https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc" }, { "reference_url": "https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1988.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1988.yml" }, { "reference_url": "https://hermes.opensuse.org/messages/14523305", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hermes.opensuse.org/messages/14523305" }, { "reference_url": "https://hermes.opensuse.org/messages/15087408", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hermes.opensuse.org/messages/15087408" }, { "reference_url": "https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975" }, { "reference_url": "https://web.archive.org/web/20120513213112/http://projects.puppetlabs.com/issues/13518", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20120513213112/http://projects.puppetlabs.com/issues/13518" }, { "reference_url": "https://web.archive.org/web/20120816020421/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20120816020421/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15" }, { "reference_url": "https://web.archive.org/web/20121013181707/http://puppetlabs.com/security/cve/cve-2012-1988", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20121013181707/http://puppetlabs.com/security/cve/cve-2012-1988" }, { "reference_url": "https://web.archive.org/web/20121025112409/http://secunia.com/advisories/48789", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20121025112409/http://secunia.com/advisories/48789" }, { "reference_url": "https://web.archive.org/web/20121025113446/http://secunia.com/advisories/48748", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20121025113446/http://secunia.com/advisories/48748" }, { "reference_url": "https://web.archive.org/web/20121025194830/http://secunia.com/advisories/49136", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20121025194830/http://secunia.com/advisories/49136" }, { "reference_url": "https://web.archive.org/web/20121025194938/http://secunia.com/advisories/48743", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20121025194938/http://secunia.com/advisories/48743" }, { "reference_url": "https://web.archive.org/web/20121031092646/http://www.securityfocus.com/bid/52975", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20121031092646/http://www.securityfocus.com/bid/52975" }, { "reference_url": "http://ubuntu.com/usn/usn-1419-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://ubuntu.com/usn/usn-1419-1" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2451", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2012/dsa-2451" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=810071", "reference_id": "810071", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=810071" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1988", "reference_id": "CVE-2012-1988", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1988" }, { "reference_url": "https://web.archive.org/web/20121013181707/http://puppetlabs.com/security/cve/cve-2012-1988/", "reference_id": "CVE-2012-1988", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20121013181707/http://puppetlabs.com/security/cve/cve-2012-1988/" }, { "reference_url": "https://github.com/advisories/GHSA-6xxq-j39w-g3f6", "reference_id": "GHSA-6xxq-j39w-g3f6", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-6xxq-j39w-g3f6" }, { "reference_url": "https://security.gentoo.org/glsa/201208-02", "reference_id": "GLSA-201208-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201208-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1542", "reference_id": "RHSA-2012:1542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1542" }, { "reference_url": "https://usn.ubuntu.com/1419-1/", "reference_id": "USN-1419-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1419-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2012-1988", "GHSA-6xxq-j39w-g3f6" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fjyu-jwpx-sfe5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39074?format=api", "vulnerability_id": "VCID-khb1-phav-ukf8", "summary": "Low severity vulnerability that affects puppet\nlib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for last_run_report.yaml, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master server to read this file.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html" }, { "reference_url": "http://puppetlabs.com/security/cve/cve-2012-3866", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://puppetlabs.com/security/cve/cve-2012-3866" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3866", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.16136", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.16052", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3866" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=839135", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=839135" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3866", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3866" }, { "reference_url": "http://secunia.com/advisories/50014", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/50014" }, { "reference_url": "https://github.com/puppetlabs/puppet", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet" }, { "reference_url": "https://github.com/puppetlabs/puppet/commit/fd44bf5e6d0d360f6a493d663b653c121fa83c3f", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commit/fd44bf5e6d0d360f6a493d663b653c121fa83c3f" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3866.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3866.yml" }, { "reference_url": "https://www.puppet.com/security/cve/cve-2012-3866-lastrunreportyaml-world-readable", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.puppet.com/security/cve/cve-2012-3866-lastrunreportyaml-world-readable" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2511", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2012/dsa-2511" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1506-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-1506-1" }, { "reference_url": "http://puppetlabs.com/security/cve/cve-2012-3866/", "reference_id": "CVE-2012-3866", "reference_type": "", "scores": [], "url": "http://puppetlabs.com/security/cve/cve-2012-3866/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3866", "reference_id": "CVE-2012-3866", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3866" }, { "reference_url": "https://github.com/advisories/GHSA-8jxj-9r5f-w3m2", "reference_id": "GHSA-8jxj-9r5f-w3m2", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8jxj-9r5f-w3m2" }, { "reference_url": "https://usn.ubuntu.com/1506-1/", "reference_id": "USN-1506-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1506-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2012-3866", "GHSA-8jxj-9r5f-w3m2" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-khb1-phav-ukf8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43517?format=api", "vulnerability_id": "VCID-mn3q-6cs1-ukcq", "summary": "Improper Privilege Management\nIn previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2927", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:2927" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-10689.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-10689.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-10689", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25747", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.2585", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-10689" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10689", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10689" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/puppetlabs/puppet", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet" }, { "reference_url": "https://github.com/puppetlabs/puppet/commit/17d9e02da3882e44c1876e2805cf9708481715ee", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commit/17d9e02da3882e44c1876e2805cf9708481715ee" }, { "reference_url": "https://github.com/puppetlabs/puppet/commit/2f1047f85e22cde139a421bc25d371f2ffc92cb1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commit/2f1047f85e22cde139a421bc25d371f2ffc92cb1" }, { "reference_url": "https://tickets.puppetlabs.com/browse/PUP-7866", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tickets.puppetlabs.com/browse/PUP-7866" }, { "reference_url": "https://usn.ubuntu.com/3567-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/3567-1" }, { "reference_url": "https://usn.ubuntu.com/3567-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3567-1/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1542850", "reference_id": "1542850", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1542850" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890412", "reference_id": "890412", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890412" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10689", "reference_id": "CVE-2017-10689", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10689" }, { "reference_url": "https://puppet.com/security/cve/CVE-2017-10689", "reference_id": "CVE-2017-10689", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://puppet.com/security/cve/CVE-2017-10689" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2017-10689.yml", "reference_id": "CVE-2017-10689.YML", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2017-10689.yml" }, { "reference_url": "https://github.com/advisories/GHSA-vw22-465p-8j5w", "reference_id": "GHSA-vw22-465p-8j5w", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vw22-465p-8j5w" }, { "reference_url": "https://usn.ubuntu.com/USN-4804-1/", "reference_id": "USN-USN-4804-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4804-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62445?format=api", "purl": "pkg:gem/puppet@4.10.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7wuf-dtva-x7ej" }, { "vulnerability": "VCID-8n86-g8a8-f7a9" }, { "vulnerability": "VCID-982t-up4e-t7eg" }, { "vulnerability": "VCID-fjyu-jwpx-sfe5" }, { "vulnerability": "VCID-mn3q-6cs1-ukcq" }, { "vulnerability": "VCID-msp5-ahmq-hbc3" }, { "vulnerability": "VCID-thv1-66q2-uuc9" }, { "vulnerability": "VCID-tstb-eb21-hkhp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/puppet@4.10.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/62446?format=api", "purl": "pkg:gem/puppet@5.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7wuf-dtva-x7ej" }, { "vulnerability": "VCID-8n86-g8a8-f7a9" }, { "vulnerability": "VCID-982t-up4e-t7eg" }, { "vulnerability": "VCID-fjyu-jwpx-sfe5" }, { "vulnerability": "VCID-mn3q-6cs1-ukcq" }, { "vulnerability": "VCID-msp5-ahmq-hbc3" }, { "vulnerability": "VCID-thv1-66q2-uuc9" }, { "vulnerability": "VCID-tstb-eb21-hkhp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/puppet@5.3.4" } ], "aliases": [ "CVE-2017-10689", "GHSA-vw22-465p-8j5w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mn3q-6cs1-ukcq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44043?format=api", "vulnerability_id": "VCID-msp5-ahmq-hbc3", "summary": "Puppet does not properly restrict access to node resources\nPuppet 2.6.0 through 2.6.3 does not properly restrict access to node resources, which allows remote authenticated Puppet nodes to read or modify the resources of other nodes via unspecified vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0528.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0528.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0528", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00265", "scoring_system": "epss", "scoring_elements": "0.50207", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00265", "scoring_system": "epss", "scoring_elements": "0.50268", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0528" }, { "reference_url": "https://github.com/puppetlabs/puppet", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet" }, { "reference_url": "https://github.com/puppetlabs/puppet/commit/eee1a9cdaa5cab6222c8e6ab087d319f976fa4e3", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commit/eee1a9cdaa5cab6222c8e6ab087d319f976fa4e3" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-0528.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-0528.yml" }, { "reference_url": "http://www.mail-archive.com/puppet-users%40googlegroups.com/msg16429.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mail-archive.com/puppet-users%40googlegroups.com/msg16429.html" }, { "reference_url": "http://www.mail-archive.com/puppet-users@googlegroups.com/msg16429.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.mail-archive.com/puppet-users@googlegroups.com/msg16429.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/01/27/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/01/27/6" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/01/31/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/01/31/5" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1365-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-1365-1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0528", "reference_id": "CVE-2011-0528", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0528" }, { "reference_url": "https://github.com/advisories/GHSA-9pvx-fwwh-w289", "reference_id": "GHSA-9pvx-fwwh-w289", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-9pvx-fwwh-w289" }, { "reference_url": "https://usn.ubuntu.com/1365-1/", "reference_id": "USN-1365-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1365-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2011-0528", "GHSA-9pvx-fwwh-w289" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-msp5-ahmq-hbc3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39054?format=api", "vulnerability_id": "VCID-nrht-tzzq-eqhs", "summary": "Moderate severity vulnerability that affects facter, hiera, mcollective-client, and puppet\nUntrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3248.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3248.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3248", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.2258", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22496", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3248" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3248", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3248" }, { "reference_url": "http://secunia.com/advisories/59197", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/59197" }, { "reference_url": "http://secunia.com/advisories/59200", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/59200" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/facter/CVE-2014-3248.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/facter/CVE-2014-3248.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/hiera/CVE-2014-3248.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/hiera/CVE-2014-3248.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/mcollective-client/CVE-2014-3248.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/mcollective-client/CVE-2014-3248.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2014-3248.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2014-3248.yml" }, { "reference_url": "https://web.archive.org/web/20141129061319/http://www.securityfocus.com/bid/68035", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20141129061319/http://www.securityfocus.com/bid/68035" }, { "reference_url": "https://web.archive.org/web/20150204183209/http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20150204183209/http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet" }, { "reference_url": "https://web.archive.org/web/20150907182402/http://puppetlabs.com/security/cve/cve-2014-3248", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20150907182402/http://puppetlabs.com/security/cve/cve-2014-3248" }, { "reference_url": "http://www.securityfocus.com/bid/68035", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/68035" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1101346", "reference_id": "1101346", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1101346" }, { "reference_url": "http://puppetlabs.com/security/cve/cve-2014-3248", "reference_id": "CVE-2014-3248", "reference_type": "", "scores": [], "url": "http://puppetlabs.com/security/cve/cve-2014-3248" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3248", "reference_id": "CVE-2014-3248", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3248" }, { "reference_url": "http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/", "reference_id": "CVE-2014-3248-A-LITTLE-PROBLEM-WITH-PUPPET", "reference_type": "", "scores": [], "url": "http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/" }, { "reference_url": "https://web.archive.org/web/20150204183209/http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/", "reference_id": "CVE-2014-3248-A-LITTLE-PROBLEM-WITH-PUPPET", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20150204183209/http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/" }, { "reference_url": "https://github.com/advisories/GHSA-92v7-pq4h-58j5", "reference_id": "GHSA-92v7-pq4h-58j5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-92v7-pq4h-58j5" }, { "reference_url": "https://security.gentoo.org/glsa/201412-15", "reference_id": "GLSA-201412-15", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-15" }, { "reference_url": "https://security.gentoo.org/glsa/201412-45", "reference_id": "GLSA-201412-45", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-45" }, { "reference_url": "https://usn.ubuntu.com/3308-1/", "reference_id": "USN-3308-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3308-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54470?format=api", "purl": "pkg:gem/puppet@3.6.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-38dv-ps67-r7f7" }, { "vulnerability": "VCID-7wuf-dtva-x7ej" }, { "vulnerability": "VCID-8n86-g8a8-f7a9" }, { "vulnerability": "VCID-982t-up4e-t7eg" }, { "vulnerability": "VCID-ear8-9pcm-zqfz" }, { "vulnerability": "VCID-fjyu-jwpx-sfe5" }, { "vulnerability": "VCID-khb1-phav-ukf8" }, { "vulnerability": "VCID-mn3q-6cs1-ukcq" }, { "vulnerability": "VCID-msp5-ahmq-hbc3" }, { "vulnerability": "VCID-nrht-tzzq-eqhs" }, { "vulnerability": "VCID-qhz5-1muw-dqgn" }, { "vulnerability": "VCID-thv1-66q2-uuc9" }, { "vulnerability": "VCID-tstb-eb21-hkhp" }, { "vulnerability": "VCID-vxdt-q1t7-27hh" }, { "vulnerability": "VCID-wqm7-m41f-pqfm" }, { "vulnerability": "VCID-xhmp-nrhy-zfcn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/puppet@3.6.2" } ], "aliases": [ "CVE-2014-3248", "GHSA-92v7-pq4h-58j5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nrht-tzzq-eqhs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39060?format=api", "vulnerability_id": "VCID-qhz5-1muw-dqgn", "summary": "Moderate severity vulnerability that affects puppet\nlib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html" }, { "reference_url": "http://puppetlabs.com/security/cve/cve-2012-3867", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://puppetlabs.com/security/cve/cve-2012-3867" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3867.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3867.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3867", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01418", "scoring_system": "epss", "scoring_elements": "0.80944", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01418", "scoring_system": "epss", "scoring_elements": "0.80916", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3867" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=839158", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=839158" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3867", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3867" }, { "reference_url": "http://secunia.com/advisories/50014", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/50014" }, { "reference_url": "https://github.com/puppetlabs/puppet", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet" }, { "reference_url": "https://github.com/puppetlabs/puppet/commit/dfedaa5fa841ccf335245a748b347b7c7c236640", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commit/dfedaa5fa841ccf335245a748b347b7c7c236640" }, { "reference_url": "https://github.com/puppetlabs/puppet/commit/f3419620b42080dad3b0be14470b20a972f13c50", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commit/f3419620b42080dad3b0be14470b20a972f13c50" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3867.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3867.yml" }, { "reference_url": "https://www.puppet.com/security/cve/cve-2012-3867-insufficient-input-validation", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.puppet.com/security/cve/cve-2012-3867-insufficient-input-validation" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2511", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2012/dsa-2511" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1506-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-1506-1" }, { "reference_url": "http://puppetlabs.com/security/cve/cve-2012-3867/", "reference_id": "CVE-2012-3867", "reference_type": "", "scores": [], "url": "http://puppetlabs.com/security/cve/cve-2012-3867/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3867", "reference_id": "CVE-2012-3867", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3867" }, { "reference_url": "https://github.com/advisories/GHSA-q44r-f2hm-v76v", "reference_id": "GHSA-q44r-f2hm-v76v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q44r-f2hm-v76v" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1542", "reference_id": "RHSA-2012:1542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1542" }, { "reference_url": "https://usn.ubuntu.com/1506-1/", "reference_id": "USN-1506-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1506-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2012-3867", "GHSA-q44r-f2hm-v76v" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qhz5-1muw-dqgn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44047?format=api", "vulnerability_id": "VCID-thv1-66q2-uuc9", "summary": "Puppet Denial of Service and Arbitrary File Write\nUnspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream that triggers a thread block, as demonstrated using CVE-2012-1986 and /dev/random; or (2) cause a denial of service (filesystem consumption) via crafted REST requests that use \"a marshaled form of a Puppet::FileBucket::File object\" to write to arbitrary file locations.", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1987.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1987.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1987", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00763", "scoring_system": "epss", "scoring_elements": "0.73768", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00763", "scoring_system": "epss", "scoring_elements": "0.73805", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1987" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1987", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1987" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74794", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74794" }, { "reference_url": "https://github.com/puppetlabs/puppet", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet" }, { "reference_url": "https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc" }, { "reference_url": "https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1987.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1987.yml" }, { "reference_url": "https://hermes.opensuse.org/messages/14523305", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hermes.opensuse.org/messages/14523305" }, { "reference_url": "https://hermes.opensuse.org/messages/15087408", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hermes.opensuse.org/messages/15087408" }, { "reference_url": "https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975" }, { "reference_url": "https://web.archive.org/web/20120513213318/http://projects.puppetlabs.com/issues/13553", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20120513213318/http://projects.puppetlabs.com/issues/13553" }, { "reference_url": "https://web.archive.org/web/20120513224202/http://projects.puppetlabs.com/issues/13552", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20120513224202/http://projects.puppetlabs.com/issues/13552" }, { "reference_url": "https://web.archive.org/web/20121005145241/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20121005145241/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15" }, { "reference_url": "https://web.archive.org/web/20160808163232/https://puppet.com/security/cve/cve-2012-1987", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20160808163232/https://puppet.com/security/cve/cve-2012-1987" }, { "reference_url": "http://ubuntu.com/usn/usn-1419-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://ubuntu.com/usn/usn-1419-1" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2451", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2012/dsa-2451" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=810070", "reference_id": "810070", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=810070" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1987", "reference_id": "CVE-2012-1987", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1987" }, { "reference_url": "https://web.archive.org/web/20160808163232/https://puppet.com/security/cve/cve-2012-1987/", "reference_id": "CVE-2012-1987", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20160808163232/https://puppet.com/security/cve/cve-2012-1987/" }, { "reference_url": "https://github.com/advisories/GHSA-v58w-6xc2-w799", "reference_id": "GHSA-v58w-6xc2-w799", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v58w-6xc2-w799" }, { "reference_url": "https://security.gentoo.org/glsa/201208-02", "reference_id": "GLSA-201208-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201208-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1542", "reference_id": "RHSA-2012:1542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1542" }, { "reference_url": "https://usn.ubuntu.com/1419-1/", "reference_id": "USN-1419-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1419-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2012-1987", "GHSA-v58w-6xc2-w799" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-thv1-66q2-uuc9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7017?format=api", "vulnerability_id": "VCID-tstb-eb21-hkhp", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27023.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27023.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27023", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60885", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60934", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27023" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/puppetlabs/puppet", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2021-27023.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2021-27023.yml" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023859", "reference_id": "2023859", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023859" }, { "reference_url": "https://security.archlinux.org/AVG-2541", "reference_id": "AVG-2541", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2541" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27023", "reference_id": "CVE-2021-27023", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27023" }, { "reference_url": "https://puppet.com/security/cve/CVE-2021-27023", "reference_id": "CVE-2021-27023", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://puppet.com/security/cve/CVE-2021-27023" }, { "reference_url": "https://github.com/advisories/GHSA-93j5-g845-9wqp", "reference_id": "GHSA-93j5-g845-9wqp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-93j5-g845-9wqp" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1478", "reference_id": "RHSA-2022:1478", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1478" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1708", "reference_id": "RHSA-2022:1708", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1708" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4866", "reference_id": "RHSA-2022:4866", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4866" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4867", "reference_id": "RHSA-2022:4867", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4867" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59701?format=api", "purl": "pkg:gem/puppet@6.25.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7wuf-dtva-x7ej" }, { "vulnerability": "VCID-8n86-g8a8-f7a9" }, { "vulnerability": "VCID-982t-up4e-t7eg" }, { "vulnerability": "VCID-fjyu-jwpx-sfe5" }, { "vulnerability": "VCID-mn3q-6cs1-ukcq" }, { "vulnerability": "VCID-msp5-ahmq-hbc3" }, { "vulnerability": "VCID-thv1-66q2-uuc9" }, { "vulnerability": "VCID-tstb-eb21-hkhp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/puppet@6.25.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/141223?format=api", "purl": "pkg:gem/puppet@7.12.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7wuf-dtva-x7ej" }, { "vulnerability": "VCID-8n86-g8a8-f7a9" }, { "vulnerability": "VCID-982t-up4e-t7eg" }, { "vulnerability": "VCID-fjyu-jwpx-sfe5" }, { "vulnerability": "VCID-mn3q-6cs1-ukcq" }, { "vulnerability": "VCID-msp5-ahmq-hbc3" }, { "vulnerability": "VCID-thv1-66q2-uuc9" }, { "vulnerability": "VCID-tstb-eb21-hkhp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/puppet@7.12.1" } ], "aliases": [ "CVE-2021-27023", "GHSA-93j5-g845-9wqp" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tstb-eb21-hkhp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39088?format=api", "vulnerability_id": "VCID-vxdt-q1t7-27hh", "summary": "Improper Input Validation\nPuppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to \"serialized attributes.\"", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1655", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00536", "scoring_system": "epss", "scoring_elements": "0.6786", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00536", "scoring_system": "epss", "scoring_elements": "0.6782", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1655" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1655", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1655" }, { "reference_url": "http://secunia.com/advisories/52596", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/52596" }, { "reference_url": "https://github.com/puppetlabs/puppet", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2013-1655.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2013-1655.yml" }, { "reference_url": "https://puppetlabs.com/security/cve/cve-2013-1655", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://puppetlabs.com/security/cve/cve-2013-1655" }, { "reference_url": "https://web.archive.org/web/20200228144801/http://www.securityfocus.com/bid/58442", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228144801/http://www.securityfocus.com/bid/58442" }, { "reference_url": "https://www.puppet.com/security/cve/cve-2013-1655-unauthenticated-remote-code-execution-vulnerability", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.puppet.com/security/cve/cve-2013-1655-unauthenticated-remote-code-execution-vulnerability" }, { "reference_url": "http://ubuntu.com/usn/usn-1759-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://ubuntu.com/usn/usn-1759-1" }, { "reference_url": "http://www.debian.org/security/2013/dsa-2643", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2013/dsa-2643" }, { "reference_url": "http://www.securityfocus.com/bid/58442", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/58442" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1655", "reference_id": "CVE-2013-1655", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1655" }, { "reference_url": "https://puppetlabs.com/security/cve/cve-2013-1655/", "reference_id": "CVE-2013-1655", "reference_type": "", "scores": [], "url": "https://puppetlabs.com/security/cve/cve-2013-1655/" }, { "reference_url": "https://github.com/advisories/GHSA-574q-fxfj-wv6h", "reference_id": "GHSA-574q-fxfj-wv6h", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-574q-fxfj-wv6h" }, { "reference_url": "https://security.gentoo.org/glsa/201308-04", "reference_id": "GLSA-201308-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201308-04" }, { "reference_url": "https://usn.ubuntu.com/1759-1/", "reference_id": "USN-1759-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1759-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2013-1655", "GHSA-574q-fxfj-wv6h" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vxdt-q1t7-27hh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39098?format=api", "vulnerability_id": "VCID-wqm7-m41f-pqfm", "summary": "Improper Input Validation\nPuppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00002.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00019.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00019.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1283.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1283.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1284.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1284.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-3567.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-3567.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-3567", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05772", "scoring_system": "epss", "scoring_elements": "0.90652", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.05772", "scoring_system": "epss", "scoring_elements": "0.90638", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-3567" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3567", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3567" }, { "reference_url": "http://secunia.com/advisories/54429", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/54429" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:C/I:C/A:C" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/puppetlabs/puppet", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2013-3567.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2013-3567.yml" }, { "reference_url": "https://puppetlabs.com/security/cve/cve-2013-3567", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://puppetlabs.com/security/cve/cve-2013-3567" }, { "reference_url": "https://www.puppet.com/security/cve/cve-2013-3567-unauthenticated-remote-code-execution-vulnerability", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.puppet.com/security/cve/cve-2013-3567-unauthenticated-remote-code-execution-vulnerability" }, { "reference_url": "http://www.debian.org/security/2013/dsa-2715", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2013/dsa-2715" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1886-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-1886-1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712745", "reference_id": "712745", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712745" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=974649", "reference_id": "974649", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=974649" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3567", "reference_id": "CVE-2013-3567", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3567" }, { "reference_url": "https://puppetlabs.com/security/cve/cve-2013-3567/", "reference_id": "CVE-2013-3567", "reference_type": "", "scores": [], "url": "https://puppetlabs.com/security/cve/cve-2013-3567/" }, { "reference_url": "https://github.com/advisories/GHSA-f7p5-w2cr-7cp7", "reference_id": "GHSA-f7p5-w2cr-7cp7", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f7p5-w2cr-7cp7" }, { "reference_url": "https://security.gentoo.org/glsa/201308-04", "reference_id": "GLSA-201308-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201308-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1283", "reference_id": "RHSA-2013:1283", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1283" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1284", "reference_id": "RHSA-2013:1284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1284" }, { "reference_url": "https://usn.ubuntu.com/1886-1/", "reference_id": "USN-1886-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1886-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2013-3567", "GHSA-f7p5-w2cr-7cp7" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wqm7-m41f-pqfm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39052?format=api", "vulnerability_id": "VCID-xhmp-nrhy-zfcn", "summary": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')\nDirectory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. (dot dot) in a node name.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html" }, { "reference_url": "http://puppetlabs.com/security/cve/cve-2012-3865", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://puppetlabs.com/security/cve/cve-2012-3865" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3865.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3865.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3865", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01176", "scoring_system": "epss", "scoring_elements": "0.7908", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01176", "scoring_system": "epss", "scoring_elements": "0.79054", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3865" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=839131", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=839131" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3865" }, { "reference_url": "http://secunia.com/advisories/50014", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/50014" }, { "reference_url": "https://github.com/puppetlabs/puppet", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet" }, { "reference_url": "https://github.com/puppetlabs/puppet/commit/554eefc55f57ed2b76e5ee04d8f194d36f6ee67f", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commit/554eefc55f57ed2b76e5ee04d8f194d36f6ee67f" }, { "reference_url": "https://github.com/puppetlabs/puppet/commit/d80478208d79a3e6d6cb1fbc525e24817fe8c4c6", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commit/d80478208d79a3e6d6cb1fbc525e24817fe8c4c6" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/CVE-2012-3865.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/CVE-2012-3865.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3865.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3865.yml" }, { "reference_url": "https://www.puppet.com/security/cve/overview-cve-2012-3865-arbitrary-file-delete/dos-puppet-master", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.puppet.com/security/cve/overview-cve-2012-3865-arbitrary-file-delete/dos-puppet-master" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2511", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2012/dsa-2511" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1506-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-1506-1" }, { "reference_url": "http://puppetlabs.com/security/cve/cve-2012-3865/", "reference_id": "CVE-2012-3865", "reference_type": "", "scores": [], "url": "http://puppetlabs.com/security/cve/cve-2012-3865/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3865", "reference_id": "CVE-2012-3865", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3865" }, { "reference_url": "https://github.com/advisories/GHSA-g89m-3wjw-h857", "reference_id": "GHSA-g89m-3wjw-h857", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g89m-3wjw-h857" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1542", "reference_id": "RHSA-2012:1542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1542" }, { "reference_url": "https://usn.ubuntu.com/1506-1/", "reference_id": "USN-1506-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1506-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2012-3865", "GHSA-g89m-3wjw-h857" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xhmp-nrhy-zfcn" } ], "fixing_vulnerabilities": [], "risk_score": "4.4", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/puppet@3.5.0.rc2" }