Lookup for vulnerable packages by Package URL.

Purl pkg:gem/puppet@2.7.0
Type gem
Namespace
Name puppet
Version 2.7.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-3kma-3ffw-8qd9
vulnerability_id VCID-3kma-3ffw-8qd9
summary
Improper Input Validation
Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00002.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00002.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00019.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00019.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2013-1283.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-1283.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2013-1284.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-1284.html
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-3567.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-3567.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-3567
reference_id
reference_type
scores
0
value 0.06459
scoring_system epss
scoring_elements 0.91073
published_at 2026-04-13T12:55:00Z
1
value 0.06459
scoring_system epss
scoring_elements 0.91064
published_at 2026-04-09T12:55:00Z
2
value 0.06459
scoring_system epss
scoring_elements 0.91058
published_at 2026-04-08T12:55:00Z
3
value 0.06459
scoring_system epss
scoring_elements 0.91046
published_at 2026-04-07T12:55:00Z
4
value 0.06459
scoring_system epss
scoring_elements 0.91023
published_at 2026-04-01T12:55:00Z
5
value 0.06459
scoring_system epss
scoring_elements 0.91028
published_at 2026-04-02T12:55:00Z
6
value 0.06459
scoring_system epss
scoring_elements 0.911
published_at 2026-04-21T12:55:00Z
7
value 0.06459
scoring_system epss
scoring_elements 0.91097
published_at 2026-04-18T12:55:00Z
8
value 0.06459
scoring_system epss
scoring_elements 0.91098
published_at 2026-04-16T12:55:00Z
9
value 0.06459
scoring_system epss
scoring_elements 0.91037
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-3567
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3567
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3567
7
reference_url http://secunia.com/advisories/54429
reference_id
reference_type
scores
url http://secunia.com/advisories/54429
8
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 9
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:C/I:C/A:C
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
9
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
10
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2013-3567.yml
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2013-3567.yml
11
reference_url https://puppetlabs.com/security/cve/cve-2013-3567
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://puppetlabs.com/security/cve/cve-2013-3567
12
reference_url https://www.puppet.com/security/cve/cve-2013-3567-unauthenticated-remote-code-execution-vulnerability
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.puppet.com/security/cve/cve-2013-3567-unauthenticated-remote-code-execution-vulnerability
13
reference_url http://www.debian.org/security/2013/dsa-2715
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2013/dsa-2715
14
reference_url http://www.ubuntu.com/usn/USN-1886-1
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1886-1
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712745
reference_id 712745
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712745
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=974649
reference_id 974649
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=974649
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-3567
reference_id CVE-2013-3567
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-3567
18
reference_url https://puppetlabs.com/security/cve/cve-2013-3567/
reference_id CVE-2013-3567
reference_type
scores
url https://puppetlabs.com/security/cve/cve-2013-3567/
19
reference_url https://github.com/advisories/GHSA-f7p5-w2cr-7cp7
reference_id GHSA-f7p5-w2cr-7cp7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f7p5-w2cr-7cp7
20
reference_url https://security.gentoo.org/glsa/201308-04
reference_id GLSA-201308-04
reference_type
scores
url https://security.gentoo.org/glsa/201308-04
21
reference_url https://access.redhat.com/errata/RHSA-2013:1283
reference_id RHSA-2013:1283
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:1283
22
reference_url https://access.redhat.com/errata/RHSA-2013:1284
reference_id RHSA-2013:1284
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:1284
23
reference_url https://usn.ubuntu.com/1886-1/
reference_id USN-1886-1
reference_type
scores
url https://usn.ubuntu.com/1886-1/
fixed_packages
0
url pkg:gem/puppet@2.7.22
purl pkg:gem/puppet@2.7.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kma-3ffw-8qd9
1
vulnerability VCID-5g6u-uvej-xbad
2
vulnerability VCID-5qhd-8wfe-27dy
3
vulnerability VCID-75gs-2gu3-6udx
4
vulnerability VCID-7ypq-wmb7-quhc
5
vulnerability VCID-8xgm-pabz-hkeg
6
vulnerability VCID-h88b-abes-3bgr
7
vulnerability VCID-jhkk-5euf-uked
8
vulnerability VCID-kt2h-k72f-tqc7
9
vulnerability VCID-pdpa-qfpq-zkcq
10
vulnerability VCID-pgg8-9sk2-57ee
11
vulnerability VCID-qdsk-m9ye-z3a4
12
vulnerability VCID-s94z-5sd6-33dk
13
vulnerability VCID-vgbw-4yuu-57fz
14
vulnerability VCID-wage-71h9-6qay
15
vulnerability VCID-ww8x-tzxr-4qbn
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.22
1
url pkg:gem/puppet@3.2.2
purl pkg:gem/puppet@3.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kma-3ffw-8qd9
1
vulnerability VCID-5g6u-uvej-xbad
2
vulnerability VCID-5qhd-8wfe-27dy
3
vulnerability VCID-75gs-2gu3-6udx
4
vulnerability VCID-7ypq-wmb7-quhc
5
vulnerability VCID-8xgm-pabz-hkeg
6
vulnerability VCID-h88b-abes-3bgr
7
vulnerability VCID-jhkk-5euf-uked
8
vulnerability VCID-kt2h-k72f-tqc7
9
vulnerability VCID-pdpa-qfpq-zkcq
10
vulnerability VCID-pgg8-9sk2-57ee
11
vulnerability VCID-qdsk-m9ye-z3a4
12
vulnerability VCID-s94z-5sd6-33dk
13
vulnerability VCID-vgbw-4yuu-57fz
14
vulnerability VCID-wage-71h9-6qay
15
vulnerability VCID-ww8x-tzxr-4qbn
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/puppet@3.2.2
aliases CVE-2013-3567, GHSA-f7p5-w2cr-7cp7
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3kma-3ffw-8qd9
1
url VCID-5g6u-uvej-xbad
vulnerability_id VCID-5g6u-uvej-xbad
summary
Moderate severity vulnerability that affects puppet
Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service. NOTE: this vulnerability can only be exploited utilizing unspecified "local file system access" to the Puppet Master.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00009.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00009.html
1
reference_url http://puppetlabs.com/security/cve/cve-2013-4761
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://puppetlabs.com/security/cve/cve-2013-4761
2
reference_url http://rhn.redhat.com/errata/RHSA-2013-1283.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-1283.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2013-1284.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-1284.html
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4761.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4761.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-4761
reference_id
reference_type
scores
0
value 0.0062
scoring_system epss
scoring_elements 0.70067
published_at 2026-04-21T12:55:00Z
1
value 0.0062
scoring_system epss
scoring_elements 0.7004
published_at 2026-04-09T12:55:00Z
2
value 0.0062
scoring_system epss
scoring_elements 0.70063
published_at 2026-04-11T12:55:00Z
3
value 0.0062
scoring_system epss
scoring_elements 0.70048
published_at 2026-04-12T12:55:00Z
4
value 0.0062
scoring_system epss
scoring_elements 0.70035
published_at 2026-04-13T12:55:00Z
5
value 0.0062
scoring_system epss
scoring_elements 0.70078
published_at 2026-04-16T12:55:00Z
6
value 0.0062
scoring_system epss
scoring_elements 0.70087
published_at 2026-04-18T12:55:00Z
7
value 0.0062
scoring_system epss
scoring_elements 0.69972
published_at 2026-04-01T12:55:00Z
8
value 0.0062
scoring_system epss
scoring_elements 0.69984
published_at 2026-04-02T12:55:00Z
9
value 0.0062
scoring_system epss
scoring_elements 0.69999
published_at 2026-04-04T12:55:00Z
10
value 0.0062
scoring_system epss
scoring_elements 0.69975
published_at 2026-04-07T12:55:00Z
11
value 0.0062
scoring_system epss
scoring_elements 0.70024
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-4761
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4761
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4761
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4956
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4956
8
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2013-4761.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2013-4761.yml
10
reference_url https://www.puppet.com/security/cve/cve-2013-4761-resourcetype-remote-code-execution-vulnerability
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.puppet.com/security/cve/cve-2013-4761-resourcetype-remote-code-execution-vulnerability
11
reference_url http://www.debian.org/security/2013/dsa-2761
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2013/dsa-2761
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=996856
reference_id 996856
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=996856
13
reference_url http://puppetlabs.com/security/cve/cve-2013-4761/
reference_id CVE-2013-4761
reference_type
scores
url http://puppetlabs.com/security/cve/cve-2013-4761/
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-4761
reference_id CVE-2013-4761
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-4761
15
reference_url https://github.com/advisories/GHSA-cj43-9h3w-v976
reference_id GHSA-cj43-9h3w-v976
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cj43-9h3w-v976
16
reference_url https://security.gentoo.org/glsa/201308-04
reference_id GLSA-201308-04
reference_type
scores
url https://security.gentoo.org/glsa/201308-04
17
reference_url https://access.redhat.com/errata/RHSA-2013:1283
reference_id RHSA-2013:1283
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:1283
18
reference_url https://access.redhat.com/errata/RHSA-2013:1284
reference_id RHSA-2013:1284
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:1284
19
reference_url https://usn.ubuntu.com/1928-1/
reference_id USN-1928-1
reference_type
scores
url https://usn.ubuntu.com/1928-1/
fixed_packages
0
url pkg:gem/puppet@2.7.23
purl pkg:gem/puppet@2.7.23
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kma-3ffw-8qd9
1
vulnerability VCID-5g6u-uvej-xbad
2
vulnerability VCID-5qhd-8wfe-27dy
3
vulnerability VCID-75gs-2gu3-6udx
4
vulnerability VCID-7ypq-wmb7-quhc
5
vulnerability VCID-8xgm-pabz-hkeg
6
vulnerability VCID-h88b-abes-3bgr
7
vulnerability VCID-jhkk-5euf-uked
8
vulnerability VCID-kt2h-k72f-tqc7
9
vulnerability VCID-pdpa-qfpq-zkcq
10
vulnerability VCID-pgg8-9sk2-57ee
11
vulnerability VCID-qdsk-m9ye-z3a4
12
vulnerability VCID-s94z-5sd6-33dk
13
vulnerability VCID-vgbw-4yuu-57fz
14
vulnerability VCID-wage-71h9-6qay
15
vulnerability VCID-ww8x-tzxr-4qbn
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.23
1
url pkg:gem/puppet@3.2.4
purl pkg:gem/puppet@3.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kma-3ffw-8qd9
1
vulnerability VCID-5g6u-uvej-xbad
2
vulnerability VCID-5qhd-8wfe-27dy
3
vulnerability VCID-75gs-2gu3-6udx
4
vulnerability VCID-7ypq-wmb7-quhc
5
vulnerability VCID-8xgm-pabz-hkeg
6
vulnerability VCID-h88b-abes-3bgr
7
vulnerability VCID-jhkk-5euf-uked
8
vulnerability VCID-kt2h-k72f-tqc7
9
vulnerability VCID-pdpa-qfpq-zkcq
10
vulnerability VCID-pgg8-9sk2-57ee
11
vulnerability VCID-qdsk-m9ye-z3a4
12
vulnerability VCID-s94z-5sd6-33dk
13
vulnerability VCID-vgbw-4yuu-57fz
14
vulnerability VCID-wage-71h9-6qay
15
vulnerability VCID-ww8x-tzxr-4qbn
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/puppet@3.2.4
aliases CVE-2013-4761, GHSA-cj43-9h3w-v976
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5g6u-uvej-xbad
2
url VCID-75gs-2gu3-6udx
vulnerability_id VCID-75gs-2gu3-6udx
summary
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. (dot dot) in a node name.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html
1
reference_url http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html
2
reference_url http://puppetlabs.com/security/cve/cve-2012-3865
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://puppetlabs.com/security/cve/cve-2012-3865
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3865.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3865.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-3865
reference_id
reference_type
scores
0
value 0.01176
scoring_system epss
scoring_elements 0.7874
published_at 2026-04-16T12:55:00Z
1
value 0.01176
scoring_system epss
scoring_elements 0.78679
published_at 2026-04-07T12:55:00Z
2
value 0.01176
scoring_system epss
scoring_elements 0.78711
published_at 2026-04-13T12:55:00Z
3
value 0.01176
scoring_system epss
scoring_elements 0.78719
published_at 2026-04-12T12:55:00Z
4
value 0.01176
scoring_system epss
scoring_elements 0.78737
published_at 2026-04-11T12:55:00Z
5
value 0.01176
scoring_system epss
scoring_elements 0.78705
published_at 2026-04-08T12:55:00Z
6
value 0.01176
scoring_system epss
scoring_elements 0.78712
published_at 2026-04-09T12:55:00Z
7
value 0.01176
scoring_system epss
scoring_elements 0.78734
published_at 2026-04-21T12:55:00Z
8
value 0.01176
scoring_system epss
scoring_elements 0.78738
published_at 2026-04-18T12:55:00Z
9
value 0.0215
scoring_system epss
scoring_elements 0.84187
published_at 2026-04-02T12:55:00Z
10
value 0.0215
scoring_system epss
scoring_elements 0.84205
published_at 2026-04-04T12:55:00Z
11
value 0.0215
scoring_system epss
scoring_elements 0.84174
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-3865
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=839131
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=839131
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3865
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3865
7
reference_url http://secunia.com/advisories/50014
reference_id
reference_type
scores
url http://secunia.com/advisories/50014
8
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
9
reference_url https://github.com/puppetlabs/puppet/commit/554eefc55f57ed2b76e5ee04d8f194d36f6ee67f
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/554eefc55f57ed2b76e5ee04d8f194d36f6ee67f
10
reference_url https://github.com/puppetlabs/puppet/commit/d80478208d79a3e6d6cb1fbc525e24817fe8c4c6
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/d80478208d79a3e6d6cb1fbc525e24817fe8c4c6
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/CVE-2012-3865.yml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/CVE-2012-3865.yml
12
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3865.yml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3865.yml
13
reference_url https://www.puppet.com/security/cve/overview-cve-2012-3865-arbitrary-file-delete/dos-puppet-master
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://www.puppet.com/security/cve/overview-cve-2012-3865-arbitrary-file-delete/dos-puppet-master
14
reference_url http://www.debian.org/security/2012/dsa-2511
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2012/dsa-2511
15
reference_url http://www.ubuntu.com/usn/USN-1506-1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1506-1
16
reference_url http://puppetlabs.com/security/cve/cve-2012-3865/
reference_id CVE-2012-3865
reference_type
scores
url http://puppetlabs.com/security/cve/cve-2012-3865/
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-3865
reference_id CVE-2012-3865
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-3865
18
reference_url https://github.com/advisories/GHSA-g89m-3wjw-h857
reference_id GHSA-g89m-3wjw-h857
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g89m-3wjw-h857
19
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
20
reference_url https://usn.ubuntu.com/1506-1/
reference_id USN-1506-1
reference_type
scores
url https://usn.ubuntu.com/1506-1/
fixed_packages
0
url pkg:gem/puppet@2.7.18
purl pkg:gem/puppet@2.7.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kma-3ffw-8qd9
1
vulnerability VCID-5g6u-uvej-xbad
2
vulnerability VCID-5qhd-8wfe-27dy
3
vulnerability VCID-75gs-2gu3-6udx
4
vulnerability VCID-7ypq-wmb7-quhc
5
vulnerability VCID-8xgm-pabz-hkeg
6
vulnerability VCID-h88b-abes-3bgr
7
vulnerability VCID-jhkk-5euf-uked
8
vulnerability VCID-kt2h-k72f-tqc7
9
vulnerability VCID-pdpa-qfpq-zkcq
10
vulnerability VCID-pgg8-9sk2-57ee
11
vulnerability VCID-qdsk-m9ye-z3a4
12
vulnerability VCID-s94z-5sd6-33dk
13
vulnerability VCID-vgbw-4yuu-57fz
14
vulnerability VCID-wage-71h9-6qay
15
vulnerability VCID-ww8x-tzxr-4qbn
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.18
aliases CVE-2012-3865, GHSA-g89m-3wjw-h857
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-75gs-2gu3-6udx
3
url VCID-a7cn-eqbq-qyb1
vulnerability_id VCID-a7cn-eqbq-qyb1
summary
Puppet uses predictable filenames, allowing arbitrary file overwrite
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files.
references
0
reference_url http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html
3
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3871.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3871.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-3871
reference_id
reference_type
scores
0
value 0.00042
scoring_system epss
scoring_elements 0.12913
published_at 2026-04-13T12:55:00Z
1
value 0.00042
scoring_system epss
scoring_elements 0.12996
published_at 2026-04-11T12:55:00Z
2
value 0.00042
scoring_system epss
scoring_elements 0.13035
published_at 2026-04-09T12:55:00Z
3
value 0.00042
scoring_system epss
scoring_elements 0.12983
published_at 2026-04-08T12:55:00Z
4
value 0.00042
scoring_system epss
scoring_elements 0.12904
published_at 2026-04-07T12:55:00Z
5
value 0.00042
scoring_system epss
scoring_elements 0.12958
published_at 2026-04-12T12:55:00Z
6
value 0.00042
scoring_system epss
scoring_elements 0.1305
published_at 2026-04-02T12:55:00Z
7
value 0.00042
scoring_system epss
scoring_elements 0.13102
published_at 2026-04-04T12:55:00Z
8
value 0.00042
scoring_system epss
scoring_elements 0.12915
published_at 2026-04-21T12:55:00Z
9
value 0.00042
scoring_system epss
scoring_elements 0.12817
published_at 2026-04-18T12:55:00Z
10
value 0.00042
scoring_system epss
scoring_elements 0.12814
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-3871
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3871
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3871
7
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
8
reference_url https://github.com/puppetlabs/puppet/commit/343c7bd381b63e042d437111718918f951d9b30d
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/343c7bd381b63e042d437111718918f951d9b30d
9
reference_url https://github.com/puppetlabs/puppet/commit/d76c30935460ded953792dfe49f72b8c5158e899
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/d76c30935460ded953792dfe49f72b8c5158e899
10
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-3871.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-3871.yml
11
reference_url http://www.debian.org/security/2011/dsa-2314
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2011/dsa-2314
12
reference_url http://www.ubuntu.com/usn/USN-1223-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1223-1
13
reference_url http://www.ubuntu.com/usn/USN-1223-2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1223-2
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=742649
reference_id 742649
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=742649
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-3871
reference_id CVE-2011-3871
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-3871
16
reference_url https://puppet.com/security/cve/cve-2011-3871
reference_id CVE-2011-3871
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://puppet.com/security/cve/cve-2011-3871
17
reference_url https://github.com/advisories/GHSA-mpmx-gm5v-q789
reference_id GHSA-mpmx-gm5v-q789
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mpmx-gm5v-q789
18
reference_url https://security.gentoo.org/glsa/201203-03
reference_id GLSA-201203-03
reference_type
scores
url https://security.gentoo.org/glsa/201203-03
19
reference_url https://usn.ubuntu.com/1223-1/
reference_id USN-1223-1
reference_type
scores
url https://usn.ubuntu.com/1223-1/
fixed_packages
0
url pkg:gem/puppet@2.7.5
purl pkg:gem/puppet@2.7.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2jc8-n1j4-m7c6
1
vulnerability VCID-3kma-3ffw-8qd9
2
vulnerability VCID-5g6u-uvej-xbad
3
vulnerability VCID-5qhd-8wfe-27dy
4
vulnerability VCID-75gs-2gu3-6udx
5
vulnerability VCID-7ypq-wmb7-quhc
6
vulnerability VCID-8xgm-pabz-hkeg
7
vulnerability VCID-a7cn-eqbq-qyb1
8
vulnerability VCID-b94j-dcjk-eqeu
9
vulnerability VCID-h88b-abes-3bgr
10
vulnerability VCID-jhkk-5euf-uked
11
vulnerability VCID-kt2h-k72f-tqc7
12
vulnerability VCID-pdpa-qfpq-zkcq
13
vulnerability VCID-pgg8-9sk2-57ee
14
vulnerability VCID-qdsk-m9ye-z3a4
15
vulnerability VCID-s94z-5sd6-33dk
16
vulnerability VCID-tetf-xa1u-uffv
17
vulnerability VCID-txx3-3fzg-33cp
18
vulnerability VCID-vgbw-4yuu-57fz
19
vulnerability VCID-wage-71h9-6qay
20
vulnerability VCID-ww8x-tzxr-4qbn
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.5
aliases CVE-2011-3871, GHSA-mpmx-gm5v-q789
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a7cn-eqbq-qyb1
4
url VCID-h88b-abes-3bgr
vulnerability_id VCID-h88b-abes-3bgr
summary
Puppet Denial of Service and Arbitrary File Write
Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream that triggers a thread block, as demonstrated using CVE-2012-1986 and /dev/random; or (2) cause a denial of service (filesystem consumption) via crafted REST requests that use "a marshaled form of a Puppet::FileBucket::File object" to write to arbitrary file locations.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1987.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1987.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-1987
reference_id
reference_type
scores
0
value 0.00763
scoring_system epss
scoring_elements 0.73445
published_at 2026-04-21T12:55:00Z
1
value 0.00763
scoring_system epss
scoring_elements 0.73351
published_at 2026-04-01T12:55:00Z
2
value 0.00763
scoring_system epss
scoring_elements 0.7336
published_at 2026-04-02T12:55:00Z
3
value 0.00763
scoring_system epss
scoring_elements 0.73384
published_at 2026-04-04T12:55:00Z
4
value 0.00763
scoring_system epss
scoring_elements 0.73355
published_at 2026-04-07T12:55:00Z
5
value 0.00763
scoring_system epss
scoring_elements 0.73392
published_at 2026-04-08T12:55:00Z
6
value 0.00763
scoring_system epss
scoring_elements 0.73406
published_at 2026-04-09T12:55:00Z
7
value 0.00763
scoring_system epss
scoring_elements 0.73429
published_at 2026-04-11T12:55:00Z
8
value 0.00763
scoring_system epss
scoring_elements 0.73409
published_at 2026-04-12T12:55:00Z
9
value 0.00763
scoring_system epss
scoring_elements 0.73401
published_at 2026-04-13T12:55:00Z
10
value 0.00763
scoring_system epss
scoring_elements 0.73443
published_at 2026-04-16T12:55:00Z
11
value 0.00763
scoring_system epss
scoring_elements 0.73451
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-1987
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1987
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1987
6
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/74794
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/74794
7
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
8
reference_url https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc
9
reference_url https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14
10
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1987.yml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1987.yml
11
reference_url https://hermes.opensuse.org/messages/14523305
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://hermes.opensuse.org/messages/14523305
12
reference_url https://hermes.opensuse.org/messages/15087408
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://hermes.opensuse.org/messages/15087408
13
reference_url https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975
14
reference_url https://web.archive.org/web/20120513213318/http://projects.puppetlabs.com/issues/13553
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120513213318/http://projects.puppetlabs.com/issues/13553
15
reference_url https://web.archive.org/web/20120513224202/http://projects.puppetlabs.com/issues/13552
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120513224202/http://projects.puppetlabs.com/issues/13552
16
reference_url https://web.archive.org/web/20121005145241/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20121005145241/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
17
reference_url https://web.archive.org/web/20160808163232/https://puppet.com/security/cve/cve-2012-1987
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20160808163232/https://puppet.com/security/cve/cve-2012-1987
18
reference_url http://ubuntu.com/usn/usn-1419-1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://ubuntu.com/usn/usn-1419-1
19
reference_url http://www.debian.org/security/2012/dsa-2451
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2012/dsa-2451
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=810070
reference_id 810070
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=810070
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-1987
reference_id CVE-2012-1987
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-1987
22
reference_url https://web.archive.org/web/20160808163232/https://puppet.com/security/cve/cve-2012-1987/
reference_id CVE-2012-1987
reference_type
scores
url https://web.archive.org/web/20160808163232/https://puppet.com/security/cve/cve-2012-1987/
23
reference_url https://github.com/advisories/GHSA-v58w-6xc2-w799
reference_id GHSA-v58w-6xc2-w799
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-v58w-6xc2-w799
24
reference_url https://security.gentoo.org/glsa/201208-02
reference_id GLSA-201208-02
reference_type
scores
url https://security.gentoo.org/glsa/201208-02
25
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
26
reference_url https://usn.ubuntu.com/1419-1/
reference_id USN-1419-1
reference_type
scores
url https://usn.ubuntu.com/1419-1/
fixed_packages
0
url pkg:gem/puppet@2.7.13
purl pkg:gem/puppet@2.7.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2jc8-n1j4-m7c6
1
vulnerability VCID-3kma-3ffw-8qd9
2
vulnerability VCID-5g6u-uvej-xbad
3
vulnerability VCID-5qhd-8wfe-27dy
4
vulnerability VCID-75gs-2gu3-6udx
5
vulnerability VCID-7ypq-wmb7-quhc
6
vulnerability VCID-8xgm-pabz-hkeg
7
vulnerability VCID-b94j-dcjk-eqeu
8
vulnerability VCID-h88b-abes-3bgr
9
vulnerability VCID-jhkk-5euf-uked
10
vulnerability VCID-kt2h-k72f-tqc7
11
vulnerability VCID-pdpa-qfpq-zkcq
12
vulnerability VCID-pgg8-9sk2-57ee
13
vulnerability VCID-qdsk-m9ye-z3a4
14
vulnerability VCID-s94z-5sd6-33dk
15
vulnerability VCID-tetf-xa1u-uffv
16
vulnerability VCID-vgbw-4yuu-57fz
17
vulnerability VCID-wage-71h9-6qay
18
vulnerability VCID-ww8x-tzxr-4qbn
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.13
aliases CVE-2012-1987, GHSA-v58w-6xc2-w799
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h88b-abes-3bgr
5
url VCID-jhkk-5euf-uked
vulnerability_id VCID-jhkk-5euf-uked
summary
Improper Link Resolution Before File Access ('Link Following')
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file.
references
0
reference_url http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html
3
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3869.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3869.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-3869
reference_id
reference_type
scores
0
value 0.00042
scoring_system epss
scoring_elements 0.1278
published_at 2026-04-21T12:55:00Z
1
value 0.00042
scoring_system epss
scoring_elements 0.12901
published_at 2026-04-02T12:55:00Z
2
value 0.00042
scoring_system epss
scoring_elements 0.12951
published_at 2026-04-04T12:55:00Z
3
value 0.00042
scoring_system epss
scoring_elements 0.12754
published_at 2026-04-07T12:55:00Z
4
value 0.00042
scoring_system epss
scoring_elements 0.12834
published_at 2026-04-08T12:55:00Z
5
value 0.00042
scoring_system epss
scoring_elements 0.12885
published_at 2026-04-09T12:55:00Z
6
value 0.00042
scoring_system epss
scoring_elements 0.12851
published_at 2026-04-11T12:55:00Z
7
value 0.00042
scoring_system epss
scoring_elements 0.12813
published_at 2026-04-12T12:55:00Z
8
value 0.00042
scoring_system epss
scoring_elements 0.12768
published_at 2026-04-13T12:55:00Z
9
value 0.00042
scoring_system epss
scoring_elements 0.12671
published_at 2026-04-16T12:55:00Z
10
value 0.00042
scoring_system epss
scoring_elements 0.12678
published_at 2026-04-18T12:55:00Z
11
value 0.00042
scoring_system epss
scoring_elements 0.12803
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-3869
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3869
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3869
7
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
8
reference_url https://github.com/puppetlabs/puppet/commit/2775c21ae48e189950dbea5e7b4d1d9fa2aca41c
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/2775c21ae48e189950dbea5e7b4d1d9fa2aca41c
9
reference_url https://github.com/puppetlabs/puppet/commit/7d4c169df84fc7bbeb2941bf995a63470f71bdbd
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/7d4c169df84fc7bbeb2941bf995a63470f71bdbd
10
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-3869.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-3869.yml
11
reference_url http://www.debian.org/security/2011/dsa-2314
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2011/dsa-2314
12
reference_url http://www.ubuntu.com/usn/USN-1223-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1223-1
13
reference_url http://www.ubuntu.com/usn/USN-1223-2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1223-2
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=742645
reference_id 742645
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=742645
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-3869
reference_id CVE-2011-3869
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-3869
16
reference_url https://puppet.com/security/cve/cve-2011-3869
reference_id CVE-2011-3869
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://puppet.com/security/cve/cve-2011-3869
17
reference_url https://github.com/advisories/GHSA-8c56-v25w-f89c
reference_id GHSA-8c56-v25w-f89c
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8c56-v25w-f89c
18
reference_url https://security.gentoo.org/glsa/201203-03
reference_id GLSA-201203-03
reference_type
scores
url https://security.gentoo.org/glsa/201203-03
19
reference_url https://usn.ubuntu.com/1223-1/
reference_id USN-1223-1
reference_type
scores
url https://usn.ubuntu.com/1223-1/
fixed_packages
0
url pkg:gem/puppet@2.7.5
purl pkg:gem/puppet@2.7.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2jc8-n1j4-m7c6
1
vulnerability VCID-3kma-3ffw-8qd9
2
vulnerability VCID-5g6u-uvej-xbad
3
vulnerability VCID-5qhd-8wfe-27dy
4
vulnerability VCID-75gs-2gu3-6udx
5
vulnerability VCID-7ypq-wmb7-quhc
6
vulnerability VCID-8xgm-pabz-hkeg
7
vulnerability VCID-a7cn-eqbq-qyb1
8
vulnerability VCID-b94j-dcjk-eqeu
9
vulnerability VCID-h88b-abes-3bgr
10
vulnerability VCID-jhkk-5euf-uked
11
vulnerability VCID-kt2h-k72f-tqc7
12
vulnerability VCID-pdpa-qfpq-zkcq
13
vulnerability VCID-pgg8-9sk2-57ee
14
vulnerability VCID-qdsk-m9ye-z3a4
15
vulnerability VCID-s94z-5sd6-33dk
16
vulnerability VCID-tetf-xa1u-uffv
17
vulnerability VCID-txx3-3fzg-33cp
18
vulnerability VCID-vgbw-4yuu-57fz
19
vulnerability VCID-wage-71h9-6qay
20
vulnerability VCID-ww8x-tzxr-4qbn
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.5
aliases CVE-2011-3869, GHSA-8c56-v25w-f89c
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jhkk-5euf-uked
6
url VCID-kt2h-k72f-tqc7
vulnerability_id VCID-kt2h-k72f-tqc7
summary
Improper Neutralization of Special Elements used in a Command ('Command Injection')
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by creating a file whose full pathname contains shell metacharacters, then performing a filebucket request.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html
3
reference_url http://projects.puppetlabs.com/issues/13518
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://projects.puppetlabs.com/issues/13518
4
reference_url http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
5
reference_url http://puppetlabs.com/security/cve/cve-2012-1988
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://puppetlabs.com/security/cve/cve-2012-1988
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1988.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1988.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-1988
reference_id
reference_type
scores
0
value 0.00492
scoring_system epss
scoring_elements 0.65684
published_at 2026-04-21T12:55:00Z
1
value 0.00492
scoring_system epss
scoring_elements 0.65568
published_at 2026-04-01T12:55:00Z
2
value 0.00492
scoring_system epss
scoring_elements 0.65616
published_at 2026-04-02T12:55:00Z
3
value 0.00492
scoring_system epss
scoring_elements 0.65646
published_at 2026-04-04T12:55:00Z
4
value 0.00492
scoring_system epss
scoring_elements 0.65612
published_at 2026-04-07T12:55:00Z
5
value 0.00492
scoring_system epss
scoring_elements 0.65664
published_at 2026-04-08T12:55:00Z
6
value 0.00492
scoring_system epss
scoring_elements 0.65676
published_at 2026-04-09T12:55:00Z
7
value 0.00492
scoring_system epss
scoring_elements 0.65696
published_at 2026-04-11T12:55:00Z
8
value 0.00492
scoring_system epss
scoring_elements 0.65682
published_at 2026-04-12T12:55:00Z
9
value 0.00492
scoring_system epss
scoring_elements 0.65653
published_at 2026-04-13T12:55:00Z
10
value 0.00492
scoring_system epss
scoring_elements 0.65688
published_at 2026-04-16T12:55:00Z
11
value 0.00492
scoring_system epss
scoring_elements 0.65701
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-1988
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1988
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1988
9
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/74796
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/74796
10
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
11
reference_url https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc
12
reference_url https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14
13
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1988.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1988.yml
14
reference_url https://hermes.opensuse.org/messages/14523305
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://hermes.opensuse.org/messages/14523305
15
reference_url https://hermes.opensuse.org/messages/15087408
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://hermes.opensuse.org/messages/15087408
16
reference_url https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975
17
reference_url https://web.archive.org/web/20120513213112/http://projects.puppetlabs.com/issues/13518
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120513213112/http://projects.puppetlabs.com/issues/13518
18
reference_url https://web.archive.org/web/20120816020421/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120816020421/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
19
reference_url https://web.archive.org/web/20121013181707/http://puppetlabs.com/security/cve/cve-2012-1988
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20121013181707/http://puppetlabs.com/security/cve/cve-2012-1988
20
reference_url https://web.archive.org/web/20121025112409/http://secunia.com/advisories/48789
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20121025112409/http://secunia.com/advisories/48789
21
reference_url https://web.archive.org/web/20121025113446/http://secunia.com/advisories/48748
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20121025113446/http://secunia.com/advisories/48748
22
reference_url https://web.archive.org/web/20121025194830/http://secunia.com/advisories/49136
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20121025194830/http://secunia.com/advisories/49136
23
reference_url https://web.archive.org/web/20121025194938/http://secunia.com/advisories/48743
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20121025194938/http://secunia.com/advisories/48743
24
reference_url https://web.archive.org/web/20121031092646/http://www.securityfocus.com/bid/52975
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20121031092646/http://www.securityfocus.com/bid/52975
25
reference_url http://ubuntu.com/usn/usn-1419-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://ubuntu.com/usn/usn-1419-1
26
reference_url http://www.debian.org/security/2012/dsa-2451
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2012/dsa-2451
27
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=810071
reference_id 810071
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=810071
28
reference_url http://puppetlabs.com/security/cve/cve-2012-1988/
reference_id CVE-2012-1988
reference_type
scores
url http://puppetlabs.com/security/cve/cve-2012-1988/
29
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-1988
reference_id CVE-2012-1988
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-1988
30
reference_url https://web.archive.org/web/20121013181707/http://puppetlabs.com/security/cve/cve-2012-1988/
reference_id CVE-2012-1988
reference_type
scores
url https://web.archive.org/web/20121013181707/http://puppetlabs.com/security/cve/cve-2012-1988/
31
reference_url https://github.com/advisories/GHSA-6xxq-j39w-g3f6
reference_id GHSA-6xxq-j39w-g3f6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6xxq-j39w-g3f6
32
reference_url https://security.gentoo.org/glsa/201208-02
reference_id GLSA-201208-02
reference_type
scores
url https://security.gentoo.org/glsa/201208-02
33
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
34
reference_url https://usn.ubuntu.com/1419-1/
reference_id USN-1419-1
reference_type
scores
url https://usn.ubuntu.com/1419-1/
fixed_packages
0
url pkg:gem/puppet@2.7.13
purl pkg:gem/puppet@2.7.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2jc8-n1j4-m7c6
1
vulnerability VCID-3kma-3ffw-8qd9
2
vulnerability VCID-5g6u-uvej-xbad
3
vulnerability VCID-5qhd-8wfe-27dy
4
vulnerability VCID-75gs-2gu3-6udx
5
vulnerability VCID-7ypq-wmb7-quhc
6
vulnerability VCID-8xgm-pabz-hkeg
7
vulnerability VCID-b94j-dcjk-eqeu
8
vulnerability VCID-h88b-abes-3bgr
9
vulnerability VCID-jhkk-5euf-uked
10
vulnerability VCID-kt2h-k72f-tqc7
11
vulnerability VCID-pdpa-qfpq-zkcq
12
vulnerability VCID-pgg8-9sk2-57ee
13
vulnerability VCID-qdsk-m9ye-z3a4
14
vulnerability VCID-s94z-5sd6-33dk
15
vulnerability VCID-tetf-xa1u-uffv
16
vulnerability VCID-vgbw-4yuu-57fz
17
vulnerability VCID-wage-71h9-6qay
18
vulnerability VCID-ww8x-tzxr-4qbn
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.13
aliases CVE-2012-1988, GHSA-6xxq-j39w-g3f6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kt2h-k72f-tqc7
7
url VCID-pdpa-qfpq-zkcq
vulnerability_id VCID-pdpa-qfpq-zkcq
summary
Improper Input Validation
Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to "serialized attributes."
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html
1
reference_url http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-1655
reference_id
reference_type
scores
0
value 0.00634
scoring_system epss
scoring_elements 0.70428
published_at 2026-04-18T12:55:00Z
1
value 0.00634
scoring_system epss
scoring_elements 0.70419
published_at 2026-04-16T12:55:00Z
2
value 0.00634
scoring_system epss
scoring_elements 0.70376
published_at 2026-04-13T12:55:00Z
3
value 0.00634
scoring_system epss
scoring_elements 0.70391
published_at 2026-04-12T12:55:00Z
4
value 0.00634
scoring_system epss
scoring_elements 0.70406
published_at 2026-04-11T12:55:00Z
5
value 0.00634
scoring_system epss
scoring_elements 0.70382
published_at 2026-04-09T12:55:00Z
6
value 0.00634
scoring_system epss
scoring_elements 0.70344
published_at 2026-04-04T12:55:00Z
7
value 0.00634
scoring_system epss
scoring_elements 0.70409
published_at 2026-04-21T12:55:00Z
8
value 0.00634
scoring_system epss
scoring_elements 0.70322
published_at 2026-04-07T12:55:00Z
9
value 0.00634
scoring_system epss
scoring_elements 0.70315
published_at 2026-04-01T12:55:00Z
10
value 0.00634
scoring_system epss
scoring_elements 0.70367
published_at 2026-04-08T12:55:00Z
11
value 0.00634
scoring_system epss
scoring_elements 0.70328
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-1655
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1655
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1655
4
reference_url http://secunia.com/advisories/52596
reference_id
reference_type
scores
url http://secunia.com/advisories/52596
5
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2013-1655.yml
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2013-1655.yml
7
reference_url https://puppetlabs.com/security/cve/cve-2013-1655
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://puppetlabs.com/security/cve/cve-2013-1655
8
reference_url https://web.archive.org/web/20200228144801/http://www.securityfocus.com/bid/58442
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228144801/http://www.securityfocus.com/bid/58442
9
reference_url https://www.puppet.com/security/cve/cve-2013-1655-unauthenticated-remote-code-execution-vulnerability
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.puppet.com/security/cve/cve-2013-1655-unauthenticated-remote-code-execution-vulnerability
10
reference_url http://ubuntu.com/usn/usn-1759-1
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://ubuntu.com/usn/usn-1759-1
11
reference_url http://www.debian.org/security/2013/dsa-2643
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2013/dsa-2643
12
reference_url http://www.securityfocus.com/bid/58442
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/58442
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*
reference_id cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*
34
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*
35
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*
reference_id cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*
36
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*
37
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*
38
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*
39
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*
reference_id cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*
40
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*
reference_id cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*
41
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*
reference_id cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*
42
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p286:*:*:*:*:*:*
reference_id cpe:2.3:a:ruby-lang:ruby:1.9.3:p286:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p286:*:*:*:*:*:*
43
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p383:*:*:*:*:*:*
reference_id cpe:2.3:a:ruby-lang:ruby:1.9.3:p383:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p383:*:*:*:*:*:*
44
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*
45
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*
46
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1:*:*:*:*:*:*
reference_id cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1:*:*:*:*:*:*
47
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2:*:*:*:*:*:*
reference_id cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2:*:*:*:*:*:*
48
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-1655
reference_id CVE-2013-1655
reference_type
scores
0
value 7.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-1655
49
reference_url https://puppetlabs.com/security/cve/cve-2013-1655/
reference_id CVE-2013-1655
reference_type
scores
url https://puppetlabs.com/security/cve/cve-2013-1655/
50
reference_url https://github.com/advisories/GHSA-574q-fxfj-wv6h
reference_id GHSA-574q-fxfj-wv6h
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-574q-fxfj-wv6h
51
reference_url https://security.gentoo.org/glsa/201308-04
reference_id GLSA-201308-04
reference_type
scores
url https://security.gentoo.org/glsa/201308-04
52
reference_url https://usn.ubuntu.com/1759-1/
reference_id USN-1759-1
reference_type
scores
url https://usn.ubuntu.com/1759-1/
fixed_packages
0
url pkg:gem/puppet@2.7.21
purl pkg:gem/puppet@2.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kma-3ffw-8qd9
1
vulnerability VCID-5g6u-uvej-xbad
2
vulnerability VCID-5qhd-8wfe-27dy
3
vulnerability VCID-75gs-2gu3-6udx
4
vulnerability VCID-7ypq-wmb7-quhc
5
vulnerability VCID-8xgm-pabz-hkeg
6
vulnerability VCID-h88b-abes-3bgr
7
vulnerability VCID-jhkk-5euf-uked
8
vulnerability VCID-kt2h-k72f-tqc7
9
vulnerability VCID-pdpa-qfpq-zkcq
10
vulnerability VCID-pgg8-9sk2-57ee
11
vulnerability VCID-qdsk-m9ye-z3a4
12
vulnerability VCID-s94z-5sd6-33dk
13
vulnerability VCID-vgbw-4yuu-57fz
14
vulnerability VCID-wage-71h9-6qay
15
vulnerability VCID-ww8x-tzxr-4qbn
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.21
1
url pkg:gem/puppet@3.1.1
purl pkg:gem/puppet@3.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kma-3ffw-8qd9
1
vulnerability VCID-5g6u-uvej-xbad
2
vulnerability VCID-5qhd-8wfe-27dy
3
vulnerability VCID-75gs-2gu3-6udx
4
vulnerability VCID-7ypq-wmb7-quhc
5
vulnerability VCID-8xgm-pabz-hkeg
6
vulnerability VCID-h88b-abes-3bgr
7
vulnerability VCID-jhkk-5euf-uked
8
vulnerability VCID-kt2h-k72f-tqc7
9
vulnerability VCID-pdpa-qfpq-zkcq
10
vulnerability VCID-pgg8-9sk2-57ee
11
vulnerability VCID-qdsk-m9ye-z3a4
12
vulnerability VCID-s94z-5sd6-33dk
13
vulnerability VCID-vgbw-4yuu-57fz
14
vulnerability VCID-wage-71h9-6qay
15
vulnerability VCID-ww8x-tzxr-4qbn
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/puppet@3.1.1
aliases CVE-2013-1655, GHSA-574q-fxfj-wv6h
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pdpa-qfpq-zkcq
8
url VCID-txx3-3fzg-33cp
vulnerability_id VCID-txx3-3fzg-33cp
summary
Improper Link Resolution Before File Access ('Link Following')
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file.
references
0
reference_url http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html
3
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3870.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3870.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-3870
reference_id
reference_type
scores
0
value 0.00033
scoring_system epss
scoring_elements 0.09469
published_at 2026-04-12T12:55:00Z
1
value 0.00033
scoring_system epss
scoring_elements 0.09496
published_at 2026-04-21T12:55:00Z
2
value 0.00033
scoring_system epss
scoring_elements 0.09483
published_at 2026-04-09T12:55:00Z
3
value 0.00033
scoring_system epss
scoring_elements 0.09435
published_at 2026-04-08T12:55:00Z
4
value 0.00033
scoring_system epss
scoring_elements 0.09361
published_at 2026-04-07T12:55:00Z
5
value 0.00033
scoring_system epss
scoring_elements 0.09397
published_at 2026-04-01T12:55:00Z
6
value 0.00033
scoring_system epss
scoring_elements 0.09401
published_at 2026-04-02T12:55:00Z
7
value 0.00033
scoring_system epss
scoring_elements 0.09451
published_at 2026-04-04T12:55:00Z
8
value 0.00033
scoring_system epss
scoring_elements 0.09345
published_at 2026-04-18T12:55:00Z
9
value 0.00033
scoring_system epss
scoring_elements 0.09344
published_at 2026-04-16T12:55:00Z
10
value 0.00033
scoring_system epss
scoring_elements 0.09452
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-3870
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3870
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3870
7
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
8
reference_url https://github.com/puppetlabs/puppet/commit/88512e880bd2a03694b5fef42540dc7b3da05d30
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/88512e880bd2a03694b5fef42540dc7b3da05d30
9
reference_url https://github.com/puppetlabs/puppet/commit/b29b1785d543a3cea961fffa9b3c15f14ab7cce0
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/b29b1785d543a3cea961fffa9b3c15f14ab7cce0
10
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-3870.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-3870.yml
11
reference_url http://www.debian.org/security/2011/dsa-2314
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2011/dsa-2314
12
reference_url http://www.ubuntu.com/usn/USN-1223-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1223-1
13
reference_url http://www.ubuntu.com/usn/USN-1223-2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1223-2
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=742644
reference_id 742644
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=742644
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-3870
reference_id CVE-2011-3870
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-3870
16
reference_url https://puppet.com/security/cve/cve-2011-3870
reference_id CVE-2011-3870
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://puppet.com/security/cve/cve-2011-3870
17
reference_url https://github.com/advisories/GHSA-qh3g-27jf-3j54
reference_id GHSA-qh3g-27jf-3j54
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qh3g-27jf-3j54
18
reference_url https://security.gentoo.org/glsa/201203-03
reference_id GLSA-201203-03
reference_type
scores
url https://security.gentoo.org/glsa/201203-03
19
reference_url https://usn.ubuntu.com/1223-1/
reference_id USN-1223-1
reference_type
scores
url https://usn.ubuntu.com/1223-1/
fixed_packages
0
url pkg:gem/puppet@2.7.5
purl pkg:gem/puppet@2.7.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2jc8-n1j4-m7c6
1
vulnerability VCID-3kma-3ffw-8qd9
2
vulnerability VCID-5g6u-uvej-xbad
3
vulnerability VCID-5qhd-8wfe-27dy
4
vulnerability VCID-75gs-2gu3-6udx
5
vulnerability VCID-7ypq-wmb7-quhc
6
vulnerability VCID-8xgm-pabz-hkeg
7
vulnerability VCID-a7cn-eqbq-qyb1
8
vulnerability VCID-b94j-dcjk-eqeu
9
vulnerability VCID-h88b-abes-3bgr
10
vulnerability VCID-jhkk-5euf-uked
11
vulnerability VCID-kt2h-k72f-tqc7
12
vulnerability VCID-pdpa-qfpq-zkcq
13
vulnerability VCID-pgg8-9sk2-57ee
14
vulnerability VCID-qdsk-m9ye-z3a4
15
vulnerability VCID-s94z-5sd6-33dk
16
vulnerability VCID-tetf-xa1u-uffv
17
vulnerability VCID-txx3-3fzg-33cp
18
vulnerability VCID-vgbw-4yuu-57fz
19
vulnerability VCID-wage-71h9-6qay
20
vulnerability VCID-ww8x-tzxr-4qbn
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.5
aliases CVE-2011-3870, GHSA-qh3g-27jf-3j54
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-txx3-3fzg-33cp
9
url VCID-vgbw-4yuu-57fz
vulnerability_id VCID-vgbw-4yuu-57fz
summary
Low severity vulnerability that affects puppet
lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for last_run_report.yaml, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master server to read this file.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html
1
reference_url http://puppetlabs.com/security/cve/cve-2012-3866
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://puppetlabs.com/security/cve/cve-2012-3866
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-3866
reference_id
reference_type
scores
0
value 0.0005
scoring_system epss
scoring_elements 0.15529
published_at 2026-04-18T12:55:00Z
1
value 0.0005
scoring_system epss
scoring_elements 0.15712
published_at 2026-04-02T12:55:00Z
2
value 0.0005
scoring_system epss
scoring_elements 0.15776
published_at 2026-04-04T12:55:00Z
3
value 0.0005
scoring_system epss
scoring_elements 0.1558
published_at 2026-04-21T12:55:00Z
4
value 0.0005
scoring_system epss
scoring_elements 0.15666
published_at 2026-04-08T12:55:00Z
5
value 0.0005
scoring_system epss
scoring_elements 0.15725
published_at 2026-04-09T12:55:00Z
6
value 0.0005
scoring_system epss
scoring_elements 0.15692
published_at 2026-04-11T12:55:00Z
7
value 0.0005
scoring_system epss
scoring_elements 0.15657
published_at 2026-04-12T12:55:00Z
8
value 0.0005
scoring_system epss
scoring_elements 0.15593
published_at 2026-04-13T12:55:00Z
9
value 0.0005
scoring_system epss
scoring_elements 0.1552
published_at 2026-04-16T12:55:00Z
10
value 0.0005
scoring_system epss
scoring_elements 0.15674
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-3866
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=839135
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=839135
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3866
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3866
5
reference_url http://secunia.com/advisories/50014
reference_id
reference_type
scores
url http://secunia.com/advisories/50014
6
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
7
reference_url https://github.com/puppetlabs/puppet/commit/fd44bf5e6d0d360f6a493d663b653c121fa83c3f
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/fd44bf5e6d0d360f6a493d663b653c121fa83c3f
8
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3866.yml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3866.yml
9
reference_url https://www.puppet.com/security/cve/cve-2012-3866-lastrunreportyaml-world-readable
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://www.puppet.com/security/cve/cve-2012-3866-lastrunreportyaml-world-readable
10
reference_url http://www.debian.org/security/2012/dsa-2511
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2012/dsa-2511
11
reference_url http://www.ubuntu.com/usn/USN-1506-1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1506-1
12
reference_url http://puppetlabs.com/security/cve/cve-2012-3866/
reference_id CVE-2012-3866
reference_type
scores
url http://puppetlabs.com/security/cve/cve-2012-3866/
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-3866
reference_id CVE-2012-3866
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-3866
14
reference_url https://github.com/advisories/GHSA-8jxj-9r5f-w3m2
reference_id GHSA-8jxj-9r5f-w3m2
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8jxj-9r5f-w3m2
15
reference_url https://usn.ubuntu.com/1506-1/
reference_id USN-1506-1
reference_type
scores
url https://usn.ubuntu.com/1506-1/
fixed_packages
0
url pkg:gem/puppet@2.7.18
purl pkg:gem/puppet@2.7.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kma-3ffw-8qd9
1
vulnerability VCID-5g6u-uvej-xbad
2
vulnerability VCID-5qhd-8wfe-27dy
3
vulnerability VCID-75gs-2gu3-6udx
4
vulnerability VCID-7ypq-wmb7-quhc
5
vulnerability VCID-8xgm-pabz-hkeg
6
vulnerability VCID-h88b-abes-3bgr
7
vulnerability VCID-jhkk-5euf-uked
8
vulnerability VCID-kt2h-k72f-tqc7
9
vulnerability VCID-pdpa-qfpq-zkcq
10
vulnerability VCID-pgg8-9sk2-57ee
11
vulnerability VCID-qdsk-m9ye-z3a4
12
vulnerability VCID-s94z-5sd6-33dk
13
vulnerability VCID-vgbw-4yuu-57fz
14
vulnerability VCID-wage-71h9-6qay
15
vulnerability VCID-ww8x-tzxr-4qbn
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.18
aliases CVE-2012-3866, GHSA-8jxj-9r5f-w3m2
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vgbw-4yuu-57fz
10
url VCID-wage-71h9-6qay
vulnerability_id VCID-wage-71h9-6qay
summary
Moderate severity vulnerability that affects puppet
lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html
1
reference_url http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html
2
reference_url http://puppetlabs.com/security/cve/cve-2012-3867
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://puppetlabs.com/security/cve/cve-2012-3867
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3867.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3867.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-3867
reference_id
reference_type
scores
0
value 0.01418
scoring_system epss
scoring_elements 0.80599
published_at 2026-04-16T12:55:00Z
1
value 0.01418
scoring_system epss
scoring_elements 0.80571
published_at 2026-04-13T12:55:00Z
2
value 0.01418
scoring_system epss
scoring_elements 0.80578
published_at 2026-04-12T12:55:00Z
3
value 0.01418
scoring_system epss
scoring_elements 0.80544
published_at 2026-04-04T12:55:00Z
4
value 0.01418
scoring_system epss
scoring_elements 0.80604
published_at 2026-04-21T12:55:00Z
5
value 0.01418
scoring_system epss
scoring_elements 0.80601
published_at 2026-04-18T12:55:00Z
6
value 0.01418
scoring_system epss
scoring_elements 0.80536
published_at 2026-04-07T12:55:00Z
7
value 0.01418
scoring_system epss
scoring_elements 0.80592
published_at 2026-04-11T12:55:00Z
8
value 0.01418
scoring_system epss
scoring_elements 0.80575
published_at 2026-04-09T12:55:00Z
9
value 0.01418
scoring_system epss
scoring_elements 0.80565
published_at 2026-04-08T12:55:00Z
10
value 0.01418
scoring_system epss
scoring_elements 0.80516
published_at 2026-04-01T12:55:00Z
11
value 0.01418
scoring_system epss
scoring_elements 0.80522
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-3867
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=839158
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=839158
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3867
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3867
7
reference_url http://secunia.com/advisories/50014
reference_id
reference_type
scores
url http://secunia.com/advisories/50014
8
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
9
reference_url https://github.com/puppetlabs/puppet/commit/dfedaa5fa841ccf335245a748b347b7c7c236640
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/dfedaa5fa841ccf335245a748b347b7c7c236640
10
reference_url https://github.com/puppetlabs/puppet/commit/f3419620b42080dad3b0be14470b20a972f13c50
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/f3419620b42080dad3b0be14470b20a972f13c50
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3867.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3867.yml
12
reference_url https://www.puppet.com/security/cve/cve-2012-3867-insufficient-input-validation
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.puppet.com/security/cve/cve-2012-3867-insufficient-input-validation
13
reference_url http://www.debian.org/security/2012/dsa-2511
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2012/dsa-2511
14
reference_url http://www.ubuntu.com/usn/USN-1506-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1506-1
15
reference_url http://puppetlabs.com/security/cve/cve-2012-3867/
reference_id CVE-2012-3867
reference_type
scores
url http://puppetlabs.com/security/cve/cve-2012-3867/
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-3867
reference_id CVE-2012-3867
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-3867
17
reference_url https://github.com/advisories/GHSA-q44r-f2hm-v76v
reference_id GHSA-q44r-f2hm-v76v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q44r-f2hm-v76v
18
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
19
reference_url https://usn.ubuntu.com/1506-1/
reference_id USN-1506-1
reference_type
scores
url https://usn.ubuntu.com/1506-1/
fixed_packages
0
url pkg:gem/puppet@2.7.18
purl pkg:gem/puppet@2.7.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kma-3ffw-8qd9
1
vulnerability VCID-5g6u-uvej-xbad
2
vulnerability VCID-5qhd-8wfe-27dy
3
vulnerability VCID-75gs-2gu3-6udx
4
vulnerability VCID-7ypq-wmb7-quhc
5
vulnerability VCID-8xgm-pabz-hkeg
6
vulnerability VCID-h88b-abes-3bgr
7
vulnerability VCID-jhkk-5euf-uked
8
vulnerability VCID-kt2h-k72f-tqc7
9
vulnerability VCID-pdpa-qfpq-zkcq
10
vulnerability VCID-pgg8-9sk2-57ee
11
vulnerability VCID-qdsk-m9ye-z3a4
12
vulnerability VCID-s94z-5sd6-33dk
13
vulnerability VCID-vgbw-4yuu-57fz
14
vulnerability VCID-wage-71h9-6qay
15
vulnerability VCID-ww8x-tzxr-4qbn
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.18
aliases CVE-2012-3867, GHSA-q44r-f2hm-v76v
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wage-71h9-6qay
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.0