Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:gem/puppet@2.7
Typegem
Namespace
Namepuppet
Version2.7
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-2jc8-n1j4-m7c6
vulnerability_id VCID-2jc8-n1j4-m7c6
summary 
Puppet Privilege Escallation
The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors related to (1) the change_user not dropping supplementary groups in certain conditions, (2) changes to the eguid without associated changes to the egid, or (3) the addition of the real gid to supplementary groups.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1053.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1053.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-1053
reference_id
reference_type
scores
0
value 0.00044
scoring_system epss
scoring_elements 0.13357
published_at 2026-04-21T12:55:00Z
1
value 0.00044
scoring_system epss
scoring_elements 0.13389
published_at 2026-04-01T12:55:00Z
2
value 0.00044
scoring_system epss
scoring_elements 0.13489
published_at 2026-04-02T12:55:00Z
3
value 0.00044
scoring_system epss
scoring_elements 0.13551
published_at 2026-04-04T12:55:00Z
4
value 0.00044
scoring_system epss
scoring_elements 0.13348
published_at 2026-04-07T12:55:00Z
5
value 0.00044
scoring_system epss
scoring_elements 0.1343
published_at 2026-04-08T12:55:00Z
6
value 0.00044
scoring_system epss
scoring_elements 0.13479
published_at 2026-04-09T12:55:00Z
7
value 0.00044
scoring_system epss
scoring_elements 0.13453
published_at 2026-04-11T12:55:00Z
8
value 0.00044
scoring_system epss
scoring_elements 0.13418
published_at 2026-04-12T12:55:00Z
9
value 0.00044
scoring_system epss
scoring_elements 0.13372
published_at 2026-04-13T12:55:00Z
10
value 0.00044
scoring_system epss
scoring_elements 0.13279
published_at 2026-04-16T12:55:00Z
11
value 0.00044
scoring_system epss
scoring_elements 0.13277
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-1053
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1053
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1053
3
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/73445
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/73445
4
reference_url https://github.com/puppetlabs/puppet/commit/76d0749f0a9a496b70e7dc7e6d6d6ff692224e36
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/76d0749f0a9a496b70e7dc7e6d6d6ff692224e36
5
reference_url https://hermes.opensuse.org/messages/15087408
reference_id
reference_type
scores
url https://hermes.opensuse.org/messages/15087408
6
reference_url https://lists.opensuse.org/opensuse-security-announce/2012-03/msg00003.html
reference_id
reference_type
scores
url https://lists.opensuse.org/opensuse-security-announce/2012-03/msg00003.html
7
reference_url https://ubuntu.com/usn/usn-1372-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://ubuntu.com/usn/usn-1372-1
8
reference_url https://web.archive.org/web/20120504011717/http://puppetlabs.com/security/cve/cve-2012-1053
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120504011717/http://puppetlabs.com/security/cve/cve-2012-1053
9
reference_url https://web.archive.org/web/20120513215447/http://projects.puppetlabs.com/issues/12458
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120513215447/http://projects.puppetlabs.com/issues/12458
10
reference_url https://web.archive.org/web/20120513215653/http://projects.puppetlabs.com/issues/12457
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120513215653/http://projects.puppetlabs.com/issues/12457
11
reference_url https://web.archive.org/web/20120513223437/http://projects.puppetlabs.com/issues/12459
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120513223437/http://projects.puppetlabs.com/issues/12459
12
reference_url https://web.archive.org/web/20120527071855/http://www.securityfocus.com/bid/52158
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120527071855/http://www.securityfocus.com/bid/52158
13
reference_url https://web.archive.org/web/20120816020421/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120816020421/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14
14
reference_url https://www.debian.org/security/2012/dsa-2419
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2012/dsa-2419
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=791001
reference_id 791001
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=791001
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-1053
reference_id CVE-2012-1053
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-1053
17
reference_url https://web.archive.org/web/20120504011717/http://puppetlabs.com/security/cve/cve-2012-1053/
reference_id CVE-2012-1053
reference_type
scores
url https://web.archive.org/web/20120504011717/http://puppetlabs.com/security/cve/cve-2012-1053/
18
reference_url https://github.com/advisories/GHSA-77hg-g8cc-5r37
reference_id GHSA-77hg-g8cc-5r37
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-77hg-g8cc-5r37
19
reference_url https://security.gentoo.org/glsa/201203-03
reference_id GLSA-201203-03
reference_type
scores
url https://security.gentoo.org/glsa/201203-03
20
reference_url https://usn.ubuntu.com/1372-1/
reference_id USN-1372-1
reference_type
scores
url https://usn.ubuntu.com/1372-1/
fixed_packages
0
url pkg:gem/puppet@2.7.11
purl pkg:gem/puppet@2.7.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2jc8-n1j4-m7c6
1
vulnerability VCID-3kma-3ffw-8qd9
2
vulnerability VCID-5g6u-uvej-xbad
3
vulnerability VCID-5qhd-8wfe-27dy
4
vulnerability VCID-75gs-2gu3-6udx
5
vulnerability VCID-7ypq-wmb7-quhc
6
vulnerability VCID-8xgm-pabz-hkeg
7
vulnerability VCID-b94j-dcjk-eqeu
8
vulnerability VCID-h88b-abes-3bgr
9
vulnerability VCID-jhkk-5euf-uked
10
vulnerability VCID-kt2h-k72f-tqc7
11
vulnerability VCID-pdpa-qfpq-zkcq
12
vulnerability VCID-pgg8-9sk2-57ee
13
vulnerability VCID-qdsk-m9ye-z3a4
14
vulnerability VCID-s94z-5sd6-33dk
15
vulnerability VCID-tetf-xa1u-uffv
16
vulnerability VCID-vgbw-4yuu-57fz
17
vulnerability VCID-wage-71h9-6qay
18
vulnerability VCID-ww8x-tzxr-4qbn
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.11
aliases CVE-2012-1053, GHSA-77hg-g8cc-5r37
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2jc8-n1j4-m7c6
1
url VCID-75gs-2gu3-6udx
vulnerability_id VCID-75gs-2gu3-6udx
summary 
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. (dot dot) in a node name.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html
1
reference_url http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html
2
reference_url http://puppetlabs.com/security/cve/cve-2012-3865
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://puppetlabs.com/security/cve/cve-2012-3865
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3865.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3865.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-3865
reference_id
reference_type
scores
0
value 0.01176
scoring_system epss
scoring_elements 0.7874
published_at 2026-04-16T12:55:00Z
1
value 0.01176
scoring_system epss
scoring_elements 0.78679
published_at 2026-04-07T12:55:00Z
2
value 0.01176
scoring_system epss
scoring_elements 0.78711
published_at 2026-04-13T12:55:00Z
3
value 0.01176
scoring_system epss
scoring_elements 0.78719
published_at 2026-04-12T12:55:00Z
4
value 0.01176
scoring_system epss
scoring_elements 0.78737
published_at 2026-04-11T12:55:00Z
5
value 0.01176
scoring_system epss
scoring_elements 0.78705
published_at 2026-04-08T12:55:00Z
6
value 0.01176
scoring_system epss
scoring_elements 0.78712
published_at 2026-04-09T12:55:00Z
7
value 0.01176
scoring_system epss
scoring_elements 0.78734
published_at 2026-04-21T12:55:00Z
8
value 0.01176
scoring_system epss
scoring_elements 0.78738
published_at 2026-04-18T12:55:00Z
9
value 0.0215
scoring_system epss
scoring_elements 0.84187
published_at 2026-04-02T12:55:00Z
10
value 0.0215
scoring_system epss
scoring_elements 0.84205
published_at 2026-04-04T12:55:00Z
11
value 0.0215
scoring_system epss
scoring_elements 0.84174
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-3865
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=839131
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=839131
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3865
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3865
7
reference_url http://secunia.com/advisories/50014
reference_id
reference_type
scores
url http://secunia.com/advisories/50014
8
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
9
reference_url https://github.com/puppetlabs/puppet/commit/554eefc55f57ed2b76e5ee04d8f194d36f6ee67f
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/554eefc55f57ed2b76e5ee04d8f194d36f6ee67f
10
reference_url https://github.com/puppetlabs/puppet/commit/d80478208d79a3e6d6cb1fbc525e24817fe8c4c6
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/d80478208d79a3e6d6cb1fbc525e24817fe8c4c6
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/CVE-2012-3865.yml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/CVE-2012-3865.yml
12
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3865.yml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3865.yml
13
reference_url https://www.puppet.com/security/cve/overview-cve-2012-3865-arbitrary-file-delete/dos-puppet-master
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://www.puppet.com/security/cve/overview-cve-2012-3865-arbitrary-file-delete/dos-puppet-master
14
reference_url http://www.debian.org/security/2012/dsa-2511
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2012/dsa-2511
15
reference_url http://www.ubuntu.com/usn/USN-1506-1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1506-1
16
reference_url http://puppetlabs.com/security/cve/cve-2012-3865/
reference_id CVE-2012-3865
reference_type
scores
url http://puppetlabs.com/security/cve/cve-2012-3865/
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-3865
reference_id CVE-2012-3865
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-3865
18
reference_url https://github.com/advisories/GHSA-g89m-3wjw-h857
reference_id GHSA-g89m-3wjw-h857
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g89m-3wjw-h857
19
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
20
reference_url https://usn.ubuntu.com/1506-1/
reference_id USN-1506-1
reference_type
scores
url https://usn.ubuntu.com/1506-1/
fixed_packages
0
url pkg:gem/puppet@2.7.18
purl pkg:gem/puppet@2.7.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kma-3ffw-8qd9
1
vulnerability VCID-5g6u-uvej-xbad
2
vulnerability VCID-5qhd-8wfe-27dy
3
vulnerability VCID-75gs-2gu3-6udx
4
vulnerability VCID-7ypq-wmb7-quhc
5
vulnerability VCID-8xgm-pabz-hkeg
6
vulnerability VCID-h88b-abes-3bgr
7
vulnerability VCID-jhkk-5euf-uked
8
vulnerability VCID-kt2h-k72f-tqc7
9
vulnerability VCID-pdpa-qfpq-zkcq
10
vulnerability VCID-pgg8-9sk2-57ee
11
vulnerability VCID-qdsk-m9ye-z3a4
12
vulnerability VCID-s94z-5sd6-33dk
13
vulnerability VCID-vgbw-4yuu-57fz
14
vulnerability VCID-wage-71h9-6qay
15
vulnerability VCID-ww8x-tzxr-4qbn
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.18
aliases CVE-2012-3865, GHSA-g89m-3wjw-h857
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-75gs-2gu3-6udx
2
url VCID-a7cn-eqbq-qyb1
vulnerability_id VCID-a7cn-eqbq-qyb1
summary 
Puppet uses predictable filenames, allowing arbitrary file overwrite
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files.
references
0
reference_url http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html
3
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3871.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3871.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-3871
reference_id
reference_type
scores
0
value 0.00042
scoring_system epss
scoring_elements 0.12913
published_at 2026-04-13T12:55:00Z
1
value 0.00042
scoring_system epss
scoring_elements 0.12996
published_at 2026-04-11T12:55:00Z
2
value 0.00042
scoring_system epss
scoring_elements 0.13035
published_at 2026-04-09T12:55:00Z
3
value 0.00042
scoring_system epss
scoring_elements 0.12983
published_at 2026-04-08T12:55:00Z
4
value 0.00042
scoring_system epss
scoring_elements 0.12904
published_at 2026-04-07T12:55:00Z
5
value 0.00042
scoring_system epss
scoring_elements 0.12958
published_at 2026-04-12T12:55:00Z
6
value 0.00042
scoring_system epss
scoring_elements 0.1305
published_at 2026-04-02T12:55:00Z
7
value 0.00042
scoring_system epss
scoring_elements 0.13102
published_at 2026-04-04T12:55:00Z
8
value 0.00042
scoring_system epss
scoring_elements 0.12915
published_at 2026-04-21T12:55:00Z
9
value 0.00042
scoring_system epss
scoring_elements 0.12817
published_at 2026-04-18T12:55:00Z
10
value 0.00042
scoring_system epss
scoring_elements 0.12814
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-3871
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3871
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3871
7
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
8
reference_url https://github.com/puppetlabs/puppet/commit/343c7bd381b63e042d437111718918f951d9b30d
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/343c7bd381b63e042d437111718918f951d9b30d
9
reference_url https://github.com/puppetlabs/puppet/commit/d76c30935460ded953792dfe49f72b8c5158e899
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/d76c30935460ded953792dfe49f72b8c5158e899
10
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-3871.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-3871.yml
11
reference_url http://www.debian.org/security/2011/dsa-2314
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2011/dsa-2314
12
reference_url http://www.ubuntu.com/usn/USN-1223-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1223-1
13
reference_url http://www.ubuntu.com/usn/USN-1223-2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1223-2
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=742649
reference_id 742649
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=742649
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-3871
reference_id CVE-2011-3871
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-3871
16
reference_url https://puppet.com/security/cve/cve-2011-3871
reference_id CVE-2011-3871
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://puppet.com/security/cve/cve-2011-3871
17
reference_url https://github.com/advisories/GHSA-mpmx-gm5v-q789
reference_id GHSA-mpmx-gm5v-q789
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mpmx-gm5v-q789
18
reference_url https://security.gentoo.org/glsa/201203-03
reference_id GLSA-201203-03
reference_type
scores
url https://security.gentoo.org/glsa/201203-03
19
reference_url https://usn.ubuntu.com/1223-1/
reference_id USN-1223-1
reference_type
scores
url https://usn.ubuntu.com/1223-1/
fixed_packages
0
url pkg:gem/puppet@2.7.5
purl pkg:gem/puppet@2.7.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2jc8-n1j4-m7c6
1
vulnerability VCID-3kma-3ffw-8qd9
2
vulnerability VCID-5g6u-uvej-xbad
3
vulnerability VCID-5qhd-8wfe-27dy
4
vulnerability VCID-75gs-2gu3-6udx
5
vulnerability VCID-7ypq-wmb7-quhc
6
vulnerability VCID-8xgm-pabz-hkeg
7
vulnerability VCID-a7cn-eqbq-qyb1
8
vulnerability VCID-b94j-dcjk-eqeu
9
vulnerability VCID-h88b-abes-3bgr
10
vulnerability VCID-jhkk-5euf-uked
11
vulnerability VCID-kt2h-k72f-tqc7
12
vulnerability VCID-pdpa-qfpq-zkcq
13
vulnerability VCID-pgg8-9sk2-57ee
14
vulnerability VCID-qdsk-m9ye-z3a4
15
vulnerability VCID-s94z-5sd6-33dk
16
vulnerability VCID-tetf-xa1u-uffv
17
vulnerability VCID-txx3-3fzg-33cp
18
vulnerability VCID-vgbw-4yuu-57fz
19
vulnerability VCID-wage-71h9-6qay
20
vulnerability VCID-ww8x-tzxr-4qbn
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.5
aliases CVE-2011-3871, GHSA-mpmx-gm5v-q789
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a7cn-eqbq-qyb1
3
url VCID-h88b-abes-3bgr
vulnerability_id VCID-h88b-abes-3bgr
summary 
Puppet Denial of Service and Arbitrary File Write
Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream that triggers a thread block, as demonstrated using CVE-2012-1986 and /dev/random; or (2) cause a denial of service (filesystem consumption) via crafted REST requests that use "a marshaled form of a Puppet::FileBucket::File object" to write to arbitrary file locations.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1987.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1987.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-1987
reference_id
reference_type
scores
0
value 0.00763
scoring_system epss
scoring_elements 0.73445
published_at 2026-04-21T12:55:00Z
1
value 0.00763
scoring_system epss
scoring_elements 0.73351
published_at 2026-04-01T12:55:00Z
2
value 0.00763
scoring_system epss
scoring_elements 0.7336
published_at 2026-04-02T12:55:00Z
3
value 0.00763
scoring_system epss
scoring_elements 0.73384
published_at 2026-04-04T12:55:00Z
4
value 0.00763
scoring_system epss
scoring_elements 0.73355
published_at 2026-04-07T12:55:00Z
5
value 0.00763
scoring_system epss
scoring_elements 0.73392
published_at 2026-04-08T12:55:00Z
6
value 0.00763
scoring_system epss
scoring_elements 0.73406
published_at 2026-04-09T12:55:00Z
7
value 0.00763
scoring_system epss
scoring_elements 0.73429
published_at 2026-04-11T12:55:00Z
8
value 0.00763
scoring_system epss
scoring_elements 0.73409
published_at 2026-04-12T12:55:00Z
9
value 0.00763
scoring_system epss
scoring_elements 0.73401
published_at 2026-04-13T12:55:00Z
10
value 0.00763
scoring_system epss
scoring_elements 0.73443
published_at 2026-04-16T12:55:00Z
11
value 0.00763
scoring_system epss
scoring_elements 0.73451
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-1987
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1987
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1987
6
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/74794
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/74794
7
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
8
reference_url https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc
9
reference_url https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14
10
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1987.yml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1987.yml
11
reference_url https://hermes.opensuse.org/messages/14523305
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://hermes.opensuse.org/messages/14523305
12
reference_url https://hermes.opensuse.org/messages/15087408
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://hermes.opensuse.org/messages/15087408
13
reference_url https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975
14
reference_url https://web.archive.org/web/20120513213318/http://projects.puppetlabs.com/issues/13553
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120513213318/http://projects.puppetlabs.com/issues/13553
15
reference_url https://web.archive.org/web/20120513224202/http://projects.puppetlabs.com/issues/13552
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120513224202/http://projects.puppetlabs.com/issues/13552
16
reference_url https://web.archive.org/web/20121005145241/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20121005145241/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
17
reference_url https://web.archive.org/web/20160808163232/https://puppet.com/security/cve/cve-2012-1987
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20160808163232/https://puppet.com/security/cve/cve-2012-1987
18
reference_url http://ubuntu.com/usn/usn-1419-1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://ubuntu.com/usn/usn-1419-1
19
reference_url http://www.debian.org/security/2012/dsa-2451
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2012/dsa-2451
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=810070
reference_id 810070
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=810070
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-1987
reference_id CVE-2012-1987
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-1987
22
reference_url https://web.archive.org/web/20160808163232/https://puppet.com/security/cve/cve-2012-1987/
reference_id CVE-2012-1987
reference_type
scores
url https://web.archive.org/web/20160808163232/https://puppet.com/security/cve/cve-2012-1987/
23
reference_url https://github.com/advisories/GHSA-v58w-6xc2-w799
reference_id GHSA-v58w-6xc2-w799
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-v58w-6xc2-w799
24
reference_url https://security.gentoo.org/glsa/201208-02
reference_id GLSA-201208-02
reference_type
scores
url https://security.gentoo.org/glsa/201208-02
25
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
26
reference_url https://usn.ubuntu.com/1419-1/
reference_id USN-1419-1
reference_type
scores
url https://usn.ubuntu.com/1419-1/
fixed_packages
0
url pkg:gem/puppet@2.7.13
purl pkg:gem/puppet@2.7.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2jc8-n1j4-m7c6
1
vulnerability VCID-3kma-3ffw-8qd9
2
vulnerability VCID-5g6u-uvej-xbad
3
vulnerability VCID-5qhd-8wfe-27dy
4
vulnerability VCID-75gs-2gu3-6udx
5
vulnerability VCID-7ypq-wmb7-quhc
6
vulnerability VCID-8xgm-pabz-hkeg
7
vulnerability VCID-b94j-dcjk-eqeu
8
vulnerability VCID-h88b-abes-3bgr
9
vulnerability VCID-jhkk-5euf-uked
10
vulnerability VCID-kt2h-k72f-tqc7
11
vulnerability VCID-pdpa-qfpq-zkcq
12
vulnerability VCID-pgg8-9sk2-57ee
13
vulnerability VCID-qdsk-m9ye-z3a4
14
vulnerability VCID-s94z-5sd6-33dk
15
vulnerability VCID-tetf-xa1u-uffv
16
vulnerability VCID-vgbw-4yuu-57fz
17
vulnerability VCID-wage-71h9-6qay
18
vulnerability VCID-ww8x-tzxr-4qbn
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.13
aliases CVE-2012-1987, GHSA-v58w-6xc2-w799
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h88b-abes-3bgr
4
url VCID-jhkk-5euf-uked
vulnerability_id VCID-jhkk-5euf-uked
summary 
Improper Link Resolution Before File Access ('Link Following')
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file.
references
0
reference_url http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html
3
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3869.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3869.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-3869
reference_id
reference_type
scores
0
value 0.00042
scoring_system epss
scoring_elements 0.1278
published_at 2026-04-21T12:55:00Z
1
value 0.00042
scoring_system epss
scoring_elements 0.12901
published_at 2026-04-02T12:55:00Z
2
value 0.00042
scoring_system epss
scoring_elements 0.12951
published_at 2026-04-04T12:55:00Z
3
value 0.00042
scoring_system epss
scoring_elements 0.12754
published_at 2026-04-07T12:55:00Z
4
value 0.00042
scoring_system epss
scoring_elements 0.12834
published_at 2026-04-08T12:55:00Z
5
value 0.00042
scoring_system epss
scoring_elements 0.12885
published_at 2026-04-09T12:55:00Z
6
value 0.00042
scoring_system epss
scoring_elements 0.12851
published_at 2026-04-11T12:55:00Z
7
value 0.00042
scoring_system epss
scoring_elements 0.12813
published_at 2026-04-12T12:55:00Z
8
value 0.00042
scoring_system epss
scoring_elements 0.12768
published_at 2026-04-13T12:55:00Z
9
value 0.00042
scoring_system epss
scoring_elements 0.12671
published_at 2026-04-16T12:55:00Z
10
value 0.00042
scoring_system epss
scoring_elements 0.12678
published_at 2026-04-18T12:55:00Z
11
value 0.00042
scoring_system epss
scoring_elements 0.12803
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-3869
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3869
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3869
7
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
8
reference_url https://github.com/puppetlabs/puppet/commit/2775c21ae48e189950dbea5e7b4d1d9fa2aca41c
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/2775c21ae48e189950dbea5e7b4d1d9fa2aca41c
9
reference_url https://github.com/puppetlabs/puppet/commit/7d4c169df84fc7bbeb2941bf995a63470f71bdbd
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/7d4c169df84fc7bbeb2941bf995a63470f71bdbd
10
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-3869.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-3869.yml
11
reference_url http://www.debian.org/security/2011/dsa-2314
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2011/dsa-2314
12
reference_url http://www.ubuntu.com/usn/USN-1223-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1223-1
13
reference_url http://www.ubuntu.com/usn/USN-1223-2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1223-2
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=742645
reference_id 742645
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=742645
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-3869
reference_id CVE-2011-3869
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-3869
16
reference_url https://puppet.com/security/cve/cve-2011-3869
reference_id CVE-2011-3869
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://puppet.com/security/cve/cve-2011-3869
17
reference_url https://github.com/advisories/GHSA-8c56-v25w-f89c
reference_id GHSA-8c56-v25w-f89c
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8c56-v25w-f89c
18
reference_url https://security.gentoo.org/glsa/201203-03
reference_id GLSA-201203-03
reference_type
scores
url https://security.gentoo.org/glsa/201203-03
19
reference_url https://usn.ubuntu.com/1223-1/
reference_id USN-1223-1
reference_type
scores
url https://usn.ubuntu.com/1223-1/
fixed_packages
0
url pkg:gem/puppet@2.7.5
purl pkg:gem/puppet@2.7.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2jc8-n1j4-m7c6
1
vulnerability VCID-3kma-3ffw-8qd9
2
vulnerability VCID-5g6u-uvej-xbad
3
vulnerability VCID-5qhd-8wfe-27dy
4
vulnerability VCID-75gs-2gu3-6udx
5
vulnerability VCID-7ypq-wmb7-quhc
6
vulnerability VCID-8xgm-pabz-hkeg
7
vulnerability VCID-a7cn-eqbq-qyb1
8
vulnerability VCID-b94j-dcjk-eqeu
9
vulnerability VCID-h88b-abes-3bgr
10
vulnerability VCID-jhkk-5euf-uked
11
vulnerability VCID-kt2h-k72f-tqc7
12
vulnerability VCID-pdpa-qfpq-zkcq
13
vulnerability VCID-pgg8-9sk2-57ee
14
vulnerability VCID-qdsk-m9ye-z3a4
15
vulnerability VCID-s94z-5sd6-33dk
16
vulnerability VCID-tetf-xa1u-uffv
17
vulnerability VCID-txx3-3fzg-33cp
18
vulnerability VCID-vgbw-4yuu-57fz
19
vulnerability VCID-wage-71h9-6qay
20
vulnerability VCID-ww8x-tzxr-4qbn
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.5
aliases CVE-2011-3869, GHSA-8c56-v25w-f89c
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jhkk-5euf-uked
5
url VCID-kt2h-k72f-tqc7
vulnerability_id VCID-kt2h-k72f-tqc7
summary 
Improper Neutralization of Special Elements used in a Command ('Command Injection')
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by creating a file whose full pathname contains shell metacharacters, then performing a filebucket request.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html
3
reference_url http://projects.puppetlabs.com/issues/13518
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://projects.puppetlabs.com/issues/13518
4
reference_url http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
5
reference_url http://puppetlabs.com/security/cve/cve-2012-1988
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://puppetlabs.com/security/cve/cve-2012-1988
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1988.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1988.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-1988
reference_id
reference_type
scores
0
value 0.00492
scoring_system epss
scoring_elements 0.65684
published_at 2026-04-21T12:55:00Z
1
value 0.00492
scoring_system epss
scoring_elements 0.65568
published_at 2026-04-01T12:55:00Z
2
value 0.00492
scoring_system epss
scoring_elements 0.65616
published_at 2026-04-02T12:55:00Z
3
value 0.00492
scoring_system epss
scoring_elements 0.65646
published_at 2026-04-04T12:55:00Z
4
value 0.00492
scoring_system epss
scoring_elements 0.65612
published_at 2026-04-07T12:55:00Z
5
value 0.00492
scoring_system epss
scoring_elements 0.65664
published_at 2026-04-08T12:55:00Z
6
value 0.00492
scoring_system epss
scoring_elements 0.65676
published_at 2026-04-09T12:55:00Z
7
value 0.00492
scoring_system epss
scoring_elements 0.65696
published_at 2026-04-11T12:55:00Z
8
value 0.00492
scoring_system epss
scoring_elements 0.65682
published_at 2026-04-12T12:55:00Z
9
value 0.00492
scoring_system epss
scoring_elements 0.65653
published_at 2026-04-13T12:55:00Z
10
value 0.00492
scoring_system epss
scoring_elements 0.65688
published_at 2026-04-16T12:55:00Z
11
value 0.00492
scoring_system epss
scoring_elements 0.65701
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-1988
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1988
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1988
9
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/74796
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/74796
10
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
11
reference_url https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc
12
reference_url https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14
13
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1988.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1988.yml
14
reference_url https://hermes.opensuse.org/messages/14523305
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://hermes.opensuse.org/messages/14523305
15
reference_url https://hermes.opensuse.org/messages/15087408
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://hermes.opensuse.org/messages/15087408
16
reference_url https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975
17
reference_url https://web.archive.org/web/20120513213112/http://projects.puppetlabs.com/issues/13518
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120513213112/http://projects.puppetlabs.com/issues/13518
18
reference_url https://web.archive.org/web/20120816020421/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120816020421/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
19
reference_url https://web.archive.org/web/20121013181707/http://puppetlabs.com/security/cve/cve-2012-1988
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20121013181707/http://puppetlabs.com/security/cve/cve-2012-1988
20
reference_url https://web.archive.org/web/20121025112409/http://secunia.com/advisories/48789
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20121025112409/http://secunia.com/advisories/48789
21
reference_url https://web.archive.org/web/20121025113446/http://secunia.com/advisories/48748
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20121025113446/http://secunia.com/advisories/48748
22
reference_url https://web.archive.org/web/20121025194830/http://secunia.com/advisories/49136
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20121025194830/http://secunia.com/advisories/49136
23
reference_url https://web.archive.org/web/20121025194938/http://secunia.com/advisories/48743
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20121025194938/http://secunia.com/advisories/48743
24
reference_url https://web.archive.org/web/20121031092646/http://www.securityfocus.com/bid/52975
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20121031092646/http://www.securityfocus.com/bid/52975
25
reference_url http://ubuntu.com/usn/usn-1419-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://ubuntu.com/usn/usn-1419-1
26
reference_url http://www.debian.org/security/2012/dsa-2451
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2012/dsa-2451
27
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=810071
reference_id 810071
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=810071
28
reference_url http://puppetlabs.com/security/cve/cve-2012-1988/
reference_id CVE-2012-1988
reference_type
scores
url http://puppetlabs.com/security/cve/cve-2012-1988/
29
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-1988
reference_id CVE-2012-1988
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-1988
30
reference_url https://web.archive.org/web/20121013181707/http://puppetlabs.com/security/cve/cve-2012-1988/
reference_id CVE-2012-1988
reference_type
scores
url https://web.archive.org/web/20121013181707/http://puppetlabs.com/security/cve/cve-2012-1988/
31
reference_url https://github.com/advisories/GHSA-6xxq-j39w-g3f6
reference_id GHSA-6xxq-j39w-g3f6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6xxq-j39w-g3f6
32
reference_url https://security.gentoo.org/glsa/201208-02
reference_id GLSA-201208-02
reference_type
scores
url https://security.gentoo.org/glsa/201208-02
33
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
34
reference_url https://usn.ubuntu.com/1419-1/
reference_id USN-1419-1
reference_type
scores
url https://usn.ubuntu.com/1419-1/
fixed_packages
0
url pkg:gem/puppet@2.7.13
purl pkg:gem/puppet@2.7.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2jc8-n1j4-m7c6
1
vulnerability VCID-3kma-3ffw-8qd9
2
vulnerability VCID-5g6u-uvej-xbad
3
vulnerability VCID-5qhd-8wfe-27dy
4
vulnerability VCID-75gs-2gu3-6udx
5
vulnerability VCID-7ypq-wmb7-quhc
6
vulnerability VCID-8xgm-pabz-hkeg
7
vulnerability VCID-b94j-dcjk-eqeu
8
vulnerability VCID-h88b-abes-3bgr
9
vulnerability VCID-jhkk-5euf-uked
10
vulnerability VCID-kt2h-k72f-tqc7
11
vulnerability VCID-pdpa-qfpq-zkcq
12
vulnerability VCID-pgg8-9sk2-57ee
13
vulnerability VCID-qdsk-m9ye-z3a4
14
vulnerability VCID-s94z-5sd6-33dk
15
vulnerability VCID-tetf-xa1u-uffv
16
vulnerability VCID-vgbw-4yuu-57fz
17
vulnerability VCID-wage-71h9-6qay
18
vulnerability VCID-ww8x-tzxr-4qbn
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.13
aliases CVE-2012-1988, GHSA-6xxq-j39w-g3f6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kt2h-k72f-tqc7
6
url VCID-tetf-xa1u-uffv
vulnerability_id VCID-tetf-xa1u-uffv
summary 
Puppet uses predictable filenames, allowing arbitrary file overwrite
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 uses predictable file names when installing Mac OS X packages from a remote source, which allows local users to overwrite arbitrary files or install arbitrary packages via a symlink attack on a temporary file in /tmp.
references
0
reference_url http://projects.puppetlabs.com/issues/13260
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://projects.puppetlabs.com/issues/13260
1
reference_url http://puppetlabs.com/security/cve/cve-2012-1906
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://puppetlabs.com/security/cve/cve-2012-1906
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1906.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1906.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-1906
reference_id
reference_type
scores
0
value 0.00063
scoring_system epss
scoring_elements 0.19734
published_at 2026-04-21T12:55:00Z
1
value 0.00063
scoring_system epss
scoring_elements 0.19712
published_at 2026-04-07T12:55:00Z
2
value 0.00063
scoring_system epss
scoring_elements 0.19792
published_at 2026-04-08T12:55:00Z
3
value 0.00063
scoring_system epss
scoring_elements 0.19844
published_at 2026-04-09T12:55:00Z
4
value 0.00063
scoring_system epss
scoring_elements 0.19847
published_at 2026-04-11T12:55:00Z
5
value 0.00063
scoring_system epss
scoring_elements 0.19802
published_at 2026-04-12T12:55:00Z
6
value 0.00063
scoring_system epss
scoring_elements 0.19745
published_at 2026-04-13T12:55:00Z
7
value 0.00063
scoring_system epss
scoring_elements 0.1972
published_at 2026-04-16T12:55:00Z
8
value 0.00063
scoring_system epss
scoring_elements 0.19722
published_at 2026-04-18T12:55:00Z
9
value 0.00063
scoring_system epss
scoring_elements 0.19785
published_at 2026-04-01T12:55:00Z
10
value 0.00063
scoring_system epss
scoring_elements 0.19931
published_at 2026-04-02T12:55:00Z
11
value 0.00063
scoring_system epss
scoring_elements 0.19986
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-1906
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1906
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1906
5
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/74793
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/74793
6
reference_url https://github.com/puppetlabs/puppet/commit/f7829ec1f1b2c3def8e0eda09c22c3c1fed3a27f
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/f7829ec1f1b2c3def8e0eda09c22c3c1fed3a27f
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1906.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1906.yml
8
reference_url https://ubuntu.com/usn/usn-1419-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://ubuntu.com/usn/usn-1419-1
9
reference_url https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975
10
reference_url https://www.debian.org/security/2012/dsa-2451
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2012/dsa-2451
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2236311
reference_id 2236311
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2236311
12
reference_url http://puppetlabs.com/security/cve/cve-2012-1906/
reference_id CVE-2012-1906
reference_type
scores
url http://puppetlabs.com/security/cve/cve-2012-1906/
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-1906
reference_id CVE-2012-1906
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-1906
14
reference_url https://github.com/advisories/GHSA-c4mc-49hq-q275
reference_id GHSA-c4mc-49hq-q275
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c4mc-49hq-q275
15
reference_url https://security.gentoo.org/glsa/201208-02
reference_id GLSA-201208-02
reference_type
scores
url https://security.gentoo.org/glsa/201208-02
16
reference_url https://usn.ubuntu.com/1419-1/
reference_id USN-1419-1
reference_type
scores
url https://usn.ubuntu.com/1419-1/
fixed_packages
0
url pkg:gem/puppet@2.7.13
purl pkg:gem/puppet@2.7.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2jc8-n1j4-m7c6
1
vulnerability VCID-3kma-3ffw-8qd9
2
vulnerability VCID-5g6u-uvej-xbad
3
vulnerability VCID-5qhd-8wfe-27dy
4
vulnerability VCID-75gs-2gu3-6udx
5
vulnerability VCID-7ypq-wmb7-quhc
6
vulnerability VCID-8xgm-pabz-hkeg
7
vulnerability VCID-b94j-dcjk-eqeu
8
vulnerability VCID-h88b-abes-3bgr
9
vulnerability VCID-jhkk-5euf-uked
10
vulnerability VCID-kt2h-k72f-tqc7
11
vulnerability VCID-pdpa-qfpq-zkcq
12
vulnerability VCID-pgg8-9sk2-57ee
13
vulnerability VCID-qdsk-m9ye-z3a4
14
vulnerability VCID-s94z-5sd6-33dk
15
vulnerability VCID-tetf-xa1u-uffv
16
vulnerability VCID-vgbw-4yuu-57fz
17
vulnerability VCID-wage-71h9-6qay
18
vulnerability VCID-ww8x-tzxr-4qbn
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.13
aliases CVE-2012-1906, GHSA-c4mc-49hq-q275
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tetf-xa1u-uffv
7
url VCID-txx3-3fzg-33cp
vulnerability_id VCID-txx3-3fzg-33cp
summary 
Improper Link Resolution Before File Access ('Link Following')
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file.
references
0
reference_url http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html
3
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3870.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3870.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-3870
reference_id
reference_type
scores
0
value 0.00033
scoring_system epss
scoring_elements 0.09469
published_at 2026-04-12T12:55:00Z
1
value 0.00033
scoring_system epss
scoring_elements 0.09496
published_at 2026-04-21T12:55:00Z
2
value 0.00033
scoring_system epss
scoring_elements 0.09483
published_at 2026-04-09T12:55:00Z
3
value 0.00033
scoring_system epss
scoring_elements 0.09435
published_at 2026-04-08T12:55:00Z
4
value 0.00033
scoring_system epss
scoring_elements 0.09361
published_at 2026-04-07T12:55:00Z
5
value 0.00033
scoring_system epss
scoring_elements 0.09397
published_at 2026-04-01T12:55:00Z
6
value 0.00033
scoring_system epss
scoring_elements 0.09401
published_at 2026-04-02T12:55:00Z
7
value 0.00033
scoring_system epss
scoring_elements 0.09451
published_at 2026-04-04T12:55:00Z
8
value 0.00033
scoring_system epss
scoring_elements 0.09345
published_at 2026-04-18T12:55:00Z
9
value 0.00033
scoring_system epss
scoring_elements 0.09344
published_at 2026-04-16T12:55:00Z
10
value 0.00033
scoring_system epss
scoring_elements 0.09452
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-3870
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3870
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3870
7
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
8
reference_url https://github.com/puppetlabs/puppet/commit/88512e880bd2a03694b5fef42540dc7b3da05d30
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/88512e880bd2a03694b5fef42540dc7b3da05d30
9
reference_url https://github.com/puppetlabs/puppet/commit/b29b1785d543a3cea961fffa9b3c15f14ab7cce0
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/b29b1785d543a3cea961fffa9b3c15f14ab7cce0
10
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-3870.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-3870.yml
11
reference_url http://www.debian.org/security/2011/dsa-2314
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2011/dsa-2314
12
reference_url http://www.ubuntu.com/usn/USN-1223-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1223-1
13
reference_url http://www.ubuntu.com/usn/USN-1223-2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1223-2
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=742644
reference_id 742644
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=742644
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-3870
reference_id CVE-2011-3870
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-3870
16
reference_url https://puppet.com/security/cve/cve-2011-3870
reference_id CVE-2011-3870
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://puppet.com/security/cve/cve-2011-3870
17
reference_url https://github.com/advisories/GHSA-qh3g-27jf-3j54
reference_id GHSA-qh3g-27jf-3j54
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qh3g-27jf-3j54
18
reference_url https://security.gentoo.org/glsa/201203-03
reference_id GLSA-201203-03
reference_type
scores
url https://security.gentoo.org/glsa/201203-03
19
reference_url https://usn.ubuntu.com/1223-1/
reference_id USN-1223-1
reference_type
scores
url https://usn.ubuntu.com/1223-1/
fixed_packages
0
url pkg:gem/puppet@2.7.5
purl pkg:gem/puppet@2.7.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2jc8-n1j4-m7c6
1
vulnerability VCID-3kma-3ffw-8qd9
2
vulnerability VCID-5g6u-uvej-xbad
3
vulnerability VCID-5qhd-8wfe-27dy
4
vulnerability VCID-75gs-2gu3-6udx
5
vulnerability VCID-7ypq-wmb7-quhc
6
vulnerability VCID-8xgm-pabz-hkeg
7
vulnerability VCID-a7cn-eqbq-qyb1
8
vulnerability VCID-b94j-dcjk-eqeu
9
vulnerability VCID-h88b-abes-3bgr
10
vulnerability VCID-jhkk-5euf-uked
11
vulnerability VCID-kt2h-k72f-tqc7
12
vulnerability VCID-pdpa-qfpq-zkcq
13
vulnerability VCID-pgg8-9sk2-57ee
14
vulnerability VCID-qdsk-m9ye-z3a4
15
vulnerability VCID-s94z-5sd6-33dk
16
vulnerability VCID-tetf-xa1u-uffv
17
vulnerability VCID-txx3-3fzg-33cp
18
vulnerability VCID-vgbw-4yuu-57fz
19
vulnerability VCID-wage-71h9-6qay
20
vulnerability VCID-ww8x-tzxr-4qbn
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.5
aliases CVE-2011-3870, GHSA-qh3g-27jf-3j54
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-txx3-3fzg-33cp
8
url VCID-wage-71h9-6qay
vulnerability_id VCID-wage-71h9-6qay
summary 
Moderate severity vulnerability that affects puppet
lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html
1
reference_url http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html
2
reference_url http://puppetlabs.com/security/cve/cve-2012-3867
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://puppetlabs.com/security/cve/cve-2012-3867
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3867.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3867.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-3867
reference_id
reference_type
scores
0
value 0.01418
scoring_system epss
scoring_elements 0.80599
published_at 2026-04-16T12:55:00Z
1
value 0.01418
scoring_system epss
scoring_elements 0.80571
published_at 2026-04-13T12:55:00Z
2
value 0.01418
scoring_system epss
scoring_elements 0.80578
published_at 2026-04-12T12:55:00Z
3
value 0.01418
scoring_system epss
scoring_elements 0.80544
published_at 2026-04-04T12:55:00Z
4
value 0.01418
scoring_system epss
scoring_elements 0.80604
published_at 2026-04-21T12:55:00Z
5
value 0.01418
scoring_system epss
scoring_elements 0.80601
published_at 2026-04-18T12:55:00Z
6
value 0.01418
scoring_system epss
scoring_elements 0.80536
published_at 2026-04-07T12:55:00Z
7
value 0.01418
scoring_system epss
scoring_elements 0.80592
published_at 2026-04-11T12:55:00Z
8
value 0.01418
scoring_system epss
scoring_elements 0.80575
published_at 2026-04-09T12:55:00Z
9
value 0.01418
scoring_system epss
scoring_elements 0.80565
published_at 2026-04-08T12:55:00Z
10
value 0.01418
scoring_system epss
scoring_elements 0.80516
published_at 2026-04-01T12:55:00Z
11
value 0.01418
scoring_system epss
scoring_elements 0.80522
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-3867
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=839158
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=839158
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3867
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3867
7
reference_url http://secunia.com/advisories/50014
reference_id
reference_type
scores
url http://secunia.com/advisories/50014
8
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
9
reference_url https://github.com/puppetlabs/puppet/commit/dfedaa5fa841ccf335245a748b347b7c7c236640
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/dfedaa5fa841ccf335245a748b347b7c7c236640
10
reference_url https://github.com/puppetlabs/puppet/commit/f3419620b42080dad3b0be14470b20a972f13c50
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/f3419620b42080dad3b0be14470b20a972f13c50
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3867.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3867.yml
12
reference_url https://www.puppet.com/security/cve/cve-2012-3867-insufficient-input-validation
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.puppet.com/security/cve/cve-2012-3867-insufficient-input-validation
13
reference_url http://www.debian.org/security/2012/dsa-2511
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2012/dsa-2511
14
reference_url http://www.ubuntu.com/usn/USN-1506-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1506-1
15
reference_url http://puppetlabs.com/security/cve/cve-2012-3867/
reference_id CVE-2012-3867
reference_type
scores
url http://puppetlabs.com/security/cve/cve-2012-3867/
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-3867
reference_id CVE-2012-3867
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-3867
17
reference_url https://github.com/advisories/GHSA-q44r-f2hm-v76v
reference_id GHSA-q44r-f2hm-v76v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q44r-f2hm-v76v
18
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
19
reference_url https://usn.ubuntu.com/1506-1/
reference_id USN-1506-1
reference_type
scores
url https://usn.ubuntu.com/1506-1/
fixed_packages
0
url pkg:gem/puppet@2.7.18
purl pkg:gem/puppet@2.7.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kma-3ffw-8qd9
1
vulnerability VCID-5g6u-uvej-xbad
2
vulnerability VCID-5qhd-8wfe-27dy
3
vulnerability VCID-75gs-2gu3-6udx
4
vulnerability VCID-7ypq-wmb7-quhc
5
vulnerability VCID-8xgm-pabz-hkeg
6
vulnerability VCID-h88b-abes-3bgr
7
vulnerability VCID-jhkk-5euf-uked
8
vulnerability VCID-kt2h-k72f-tqc7
9
vulnerability VCID-pdpa-qfpq-zkcq
10
vulnerability VCID-pgg8-9sk2-57ee
11
vulnerability VCID-qdsk-m9ye-z3a4
12
vulnerability VCID-s94z-5sd6-33dk
13
vulnerability VCID-vgbw-4yuu-57fz
14
vulnerability VCID-wage-71h9-6qay
15
vulnerability VCID-ww8x-tzxr-4qbn
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.18
aliases CVE-2012-3867, GHSA-q44r-f2hm-v76v
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wage-71h9-6qay
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7