Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/puppet@2.7.13-1?distro=bullseye
Typedeb
Namespacedebian
Namepuppet
Version2.7.13-1
Qualifiers
distro bullseye
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version2.7.18-1
Latest_non_vulnerable_version5.5.22-2
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-h88b-abes-3bgr
vulnerability_id VCID-h88b-abes-3bgr
summary 
Puppet Denial of Service and Arbitrary File Write
Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream that triggers a thread block, as demonstrated using CVE-2012-1986 and /dev/random; or (2) cause a denial of service (filesystem consumption) via crafted REST requests that use "a marshaled form of a Puppet::FileBucket::File object" to write to arbitrary file locations.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1987.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1987.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-1987
reference_id
reference_type
scores
0
value 0.00763
scoring_system epss
scoring_elements 0.73445
published_at 2026-04-21T12:55:00Z
1
value 0.00763
scoring_system epss
scoring_elements 0.73351
published_at 2026-04-01T12:55:00Z
2
value 0.00763
scoring_system epss
scoring_elements 0.7336
published_at 2026-04-02T12:55:00Z
3
value 0.00763
scoring_system epss
scoring_elements 0.73384
published_at 2026-04-04T12:55:00Z
4
value 0.00763
scoring_system epss
scoring_elements 0.73355
published_at 2026-04-07T12:55:00Z
5
value 0.00763
scoring_system epss
scoring_elements 0.73392
published_at 2026-04-08T12:55:00Z
6
value 0.00763
scoring_system epss
scoring_elements 0.73406
published_at 2026-04-09T12:55:00Z
7
value 0.00763
scoring_system epss
scoring_elements 0.73429
published_at 2026-04-11T12:55:00Z
8
value 0.00763
scoring_system epss
scoring_elements 0.73409
published_at 2026-04-12T12:55:00Z
9
value 0.00763
scoring_system epss
scoring_elements 0.73401
published_at 2026-04-13T12:55:00Z
10
value 0.00763
scoring_system epss
scoring_elements 0.73443
published_at 2026-04-16T12:55:00Z
11
value 0.00763
scoring_system epss
scoring_elements 0.73451
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-1987
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1987
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1987
6
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/74794
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/74794
7
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
8
reference_url https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc
9
reference_url https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14
10
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1987.yml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1987.yml
11
reference_url https://hermes.opensuse.org/messages/14523305
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://hermes.opensuse.org/messages/14523305
12
reference_url https://hermes.opensuse.org/messages/15087408
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://hermes.opensuse.org/messages/15087408
13
reference_url https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975
14
reference_url https://web.archive.org/web/20120513213318/http://projects.puppetlabs.com/issues/13553
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120513213318/http://projects.puppetlabs.com/issues/13553
15
reference_url https://web.archive.org/web/20120513224202/http://projects.puppetlabs.com/issues/13552
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120513224202/http://projects.puppetlabs.com/issues/13552
16
reference_url https://web.archive.org/web/20121005145241/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20121005145241/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
17
reference_url https://web.archive.org/web/20160808163232/https://puppet.com/security/cve/cve-2012-1987
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20160808163232/https://puppet.com/security/cve/cve-2012-1987
18
reference_url http://ubuntu.com/usn/usn-1419-1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://ubuntu.com/usn/usn-1419-1
19
reference_url http://www.debian.org/security/2012/dsa-2451
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2012/dsa-2451
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=810070
reference_id 810070
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=810070
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-1987
reference_id CVE-2012-1987
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-1987
22
reference_url https://web.archive.org/web/20160808163232/https://puppet.com/security/cve/cve-2012-1987/
reference_id CVE-2012-1987
reference_type
scores
url https://web.archive.org/web/20160808163232/https://puppet.com/security/cve/cve-2012-1987/
23
reference_url https://github.com/advisories/GHSA-v58w-6xc2-w799
reference_id GHSA-v58w-6xc2-w799
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-v58w-6xc2-w799
24
reference_url https://security.gentoo.org/glsa/201208-02
reference_id GLSA-201208-02
reference_type
scores
url https://security.gentoo.org/glsa/201208-02
25
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
26
reference_url https://usn.ubuntu.com/1419-1/
reference_id USN-1419-1
reference_type
scores
url https://usn.ubuntu.com/1419-1/
fixed_packages
0
url pkg:deb/debian/puppet@2.7.13-1?distro=bullseye
purl pkg:deb/debian/puppet@2.7.13-1?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.13-1%3Fdistro=bullseye
1
url pkg:deb/debian/puppet@5.5.22-2?distro=bullseye
purl pkg:deb/debian/puppet@5.5.22-2?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye
aliases CVE-2012-1987, GHSA-v58w-6xc2-w799
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h88b-abes-3bgr
1
url VCID-kt2h-k72f-tqc7
vulnerability_id VCID-kt2h-k72f-tqc7
summary 
Improper Neutralization of Special Elements used in a Command ('Command Injection')
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by creating a file whose full pathname contains shell metacharacters, then performing a filebucket request.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html
3
reference_url http://projects.puppetlabs.com/issues/13518
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://projects.puppetlabs.com/issues/13518
4
reference_url http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
5
reference_url http://puppetlabs.com/security/cve/cve-2012-1988
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://puppetlabs.com/security/cve/cve-2012-1988
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1988.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1988.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-1988
reference_id
reference_type
scores
0
value 0.00492
scoring_system epss
scoring_elements 0.65684
published_at 2026-04-21T12:55:00Z
1
value 0.00492
scoring_system epss
scoring_elements 0.65568
published_at 2026-04-01T12:55:00Z
2
value 0.00492
scoring_system epss
scoring_elements 0.65616
published_at 2026-04-02T12:55:00Z
3
value 0.00492
scoring_system epss
scoring_elements 0.65646
published_at 2026-04-04T12:55:00Z
4
value 0.00492
scoring_system epss
scoring_elements 0.65612
published_at 2026-04-07T12:55:00Z
5
value 0.00492
scoring_system epss
scoring_elements 0.65664
published_at 2026-04-08T12:55:00Z
6
value 0.00492
scoring_system epss
scoring_elements 0.65676
published_at 2026-04-09T12:55:00Z
7
value 0.00492
scoring_system epss
scoring_elements 0.65696
published_at 2026-04-11T12:55:00Z
8
value 0.00492
scoring_system epss
scoring_elements 0.65682
published_at 2026-04-12T12:55:00Z
9
value 0.00492
scoring_system epss
scoring_elements 0.65653
published_at 2026-04-13T12:55:00Z
10
value 0.00492
scoring_system epss
scoring_elements 0.65688
published_at 2026-04-16T12:55:00Z
11
value 0.00492
scoring_system epss
scoring_elements 0.65701
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-1988
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1988
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1988
9
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/74796
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/74796
10
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
11
reference_url https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc
12
reference_url https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14
13
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1988.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1988.yml
14
reference_url https://hermes.opensuse.org/messages/14523305
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://hermes.opensuse.org/messages/14523305
15
reference_url https://hermes.opensuse.org/messages/15087408
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://hermes.opensuse.org/messages/15087408
16
reference_url https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975
17
reference_url https://web.archive.org/web/20120513213112/http://projects.puppetlabs.com/issues/13518
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120513213112/http://projects.puppetlabs.com/issues/13518
18
reference_url https://web.archive.org/web/20120816020421/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120816020421/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
19
reference_url https://web.archive.org/web/20121013181707/http://puppetlabs.com/security/cve/cve-2012-1988
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20121013181707/http://puppetlabs.com/security/cve/cve-2012-1988
20
reference_url https://web.archive.org/web/20121025112409/http://secunia.com/advisories/48789
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20121025112409/http://secunia.com/advisories/48789
21
reference_url https://web.archive.org/web/20121025113446/http://secunia.com/advisories/48748
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20121025113446/http://secunia.com/advisories/48748
22
reference_url https://web.archive.org/web/20121025194830/http://secunia.com/advisories/49136
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20121025194830/http://secunia.com/advisories/49136
23
reference_url https://web.archive.org/web/20121025194938/http://secunia.com/advisories/48743
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20121025194938/http://secunia.com/advisories/48743
24
reference_url https://web.archive.org/web/20121031092646/http://www.securityfocus.com/bid/52975
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20121031092646/http://www.securityfocus.com/bid/52975
25
reference_url http://ubuntu.com/usn/usn-1419-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://ubuntu.com/usn/usn-1419-1
26
reference_url http://www.debian.org/security/2012/dsa-2451
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2012/dsa-2451
27
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=810071
reference_id 810071
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=810071
28
reference_url http://puppetlabs.com/security/cve/cve-2012-1988/
reference_id CVE-2012-1988
reference_type
scores
url http://puppetlabs.com/security/cve/cve-2012-1988/
29
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-1988
reference_id CVE-2012-1988
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-1988
30
reference_url https://web.archive.org/web/20121013181707/http://puppetlabs.com/security/cve/cve-2012-1988/
reference_id CVE-2012-1988
reference_type
scores
url https://web.archive.org/web/20121013181707/http://puppetlabs.com/security/cve/cve-2012-1988/
31
reference_url https://github.com/advisories/GHSA-6xxq-j39w-g3f6
reference_id GHSA-6xxq-j39w-g3f6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6xxq-j39w-g3f6
32
reference_url https://security.gentoo.org/glsa/201208-02
reference_id GLSA-201208-02
reference_type
scores
url https://security.gentoo.org/glsa/201208-02
33
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
34
reference_url https://usn.ubuntu.com/1419-1/
reference_id USN-1419-1
reference_type
scores
url https://usn.ubuntu.com/1419-1/
fixed_packages
0
url pkg:deb/debian/puppet@2.7.13-1?distro=bullseye
purl pkg:deb/debian/puppet@2.7.13-1?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.13-1%3Fdistro=bullseye
1
url pkg:deb/debian/puppet@5.5.22-2?distro=bullseye
purl pkg:deb/debian/puppet@5.5.22-2?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye
aliases CVE-2012-1988, GHSA-6xxq-j39w-g3f6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kt2h-k72f-tqc7
2
url VCID-pgg8-9sk2-57ee
vulnerability_id VCID-pgg8-9sk2-57ee
summary 
Low severity vulnerability that affects puppet
telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log (/tmp/out.log).
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2012-05/msg00012.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2012-05/msg00012.html
1
reference_url http://projects.puppetlabs.com/issues/13606
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://projects.puppetlabs.com/issues/13606
2
reference_url http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.7.13
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.7.13
3
reference_url http://puppetlabs.com/security/cve/cve-2012-1989
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://puppetlabs.com/security/cve/cve-2012-1989
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1989.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1989.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-1989
reference_id
reference_type
scores
0
value 0.00058
scoring_system epss
scoring_elements 0.18236
published_at 2026-04-13T12:55:00Z
1
value 0.00058
scoring_system epss
scoring_elements 0.18287
published_at 2026-04-12T12:55:00Z
2
value 0.00058
scoring_system epss
scoring_elements 0.18196
published_at 2026-04-07T12:55:00Z
3
value 0.00058
scoring_system epss
scoring_elements 0.18221
published_at 2026-04-21T12:55:00Z
4
value 0.00058
scoring_system epss
scoring_elements 0.18193
published_at 2026-04-18T12:55:00Z
5
value 0.00058
scoring_system epss
scoring_elements 0.18181
published_at 2026-04-16T12:55:00Z
6
value 0.00058
scoring_system epss
scoring_elements 0.1828
published_at 2026-04-08T12:55:00Z
7
value 0.00058
scoring_system epss
scoring_elements 0.18335
published_at 2026-04-11T12:55:00Z
8
value 0.00058
scoring_system epss
scoring_elements 0.18333
published_at 2026-04-09T12:55:00Z
9
value 0.00058
scoring_system epss
scoring_elements 0.18282
published_at 2026-04-01T12:55:00Z
10
value 0.00058
scoring_system epss
scoring_elements 0.18433
published_at 2026-04-02T12:55:00Z
11
value 0.00058
scoring_system epss
scoring_elements 0.18487
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-1989
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1989
7
reference_url http://secunia.com/advisories/48743
reference_id
reference_type
scores
url http://secunia.com/advisories/48743
8
reference_url http://secunia.com/advisories/48748
reference_id
reference_type
scores
url http://secunia.com/advisories/48748
9
reference_url http://secunia.com/advisories/49136
reference_id
reference_type
scores
url http://secunia.com/advisories/49136
10
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/74797
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/74797
11
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
12
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1989.yml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1989.yml
13
reference_url https://hermes.opensuse.org/messages/15087408
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://hermes.opensuse.org/messages/15087408
14
reference_url https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975
15
reference_url https://www.puppet.com/security/cve/cve-2012-1989-arbitrary-file-write-access
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://www.puppet.com/security/cve/cve-2012-1989-arbitrary-file-write-access
16
reference_url http://ubuntu.com/usn/usn-1419-1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://ubuntu.com/usn/usn-1419-1
17
reference_url http://www.securityfocus.com/bid/52975
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/52975
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=837339
reference_id 837339
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=837339
19
reference_url http://puppetlabs.com/security/cve/cve-2012-1989/
reference_id CVE-2012-1989
reference_type
scores
url http://puppetlabs.com/security/cve/cve-2012-1989/
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-1989
reference_id CVE-2012-1989
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-1989
21
reference_url https://github.com/advisories/GHSA-c5qq-g673-5p49
reference_id GHSA-c5qq-g673-5p49
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c5qq-g673-5p49
22
reference_url https://security.gentoo.org/glsa/201208-02
reference_id GLSA-201208-02
reference_type
scores
url https://security.gentoo.org/glsa/201208-02
23
reference_url https://usn.ubuntu.com/1419-1/
reference_id USN-1419-1
reference_type
scores
url https://usn.ubuntu.com/1419-1/
fixed_packages
0
url pkg:deb/debian/puppet@2.7.13-1?distro=bullseye
purl pkg:deb/debian/puppet@2.7.13-1?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.13-1%3Fdistro=bullseye
1
url pkg:deb/debian/puppet@5.5.22-2?distro=bullseye
purl pkg:deb/debian/puppet@5.5.22-2?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye
aliases CVE-2012-1989, GHSA-c5qq-g673-5p49
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pgg8-9sk2-57ee
3
url VCID-tetf-xa1u-uffv
vulnerability_id VCID-tetf-xa1u-uffv
summary 
Puppet uses predictable filenames, allowing arbitrary file overwrite
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 uses predictable file names when installing Mac OS X packages from a remote source, which allows local users to overwrite arbitrary files or install arbitrary packages via a symlink attack on a temporary file in /tmp.
references
0
reference_url http://projects.puppetlabs.com/issues/13260
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://projects.puppetlabs.com/issues/13260
1
reference_url http://puppetlabs.com/security/cve/cve-2012-1906
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://puppetlabs.com/security/cve/cve-2012-1906
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1906.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1906.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-1906
reference_id
reference_type
scores
0
value 0.00063
scoring_system epss
scoring_elements 0.19734
published_at 2026-04-21T12:55:00Z
1
value 0.00063
scoring_system epss
scoring_elements 0.19712
published_at 2026-04-07T12:55:00Z
2
value 0.00063
scoring_system epss
scoring_elements 0.19792
published_at 2026-04-08T12:55:00Z
3
value 0.00063
scoring_system epss
scoring_elements 0.19844
published_at 2026-04-09T12:55:00Z
4
value 0.00063
scoring_system epss
scoring_elements 0.19847
published_at 2026-04-11T12:55:00Z
5
value 0.00063
scoring_system epss
scoring_elements 0.19802
published_at 2026-04-12T12:55:00Z
6
value 0.00063
scoring_system epss
scoring_elements 0.19745
published_at 2026-04-13T12:55:00Z
7
value 0.00063
scoring_system epss
scoring_elements 0.1972
published_at 2026-04-16T12:55:00Z
8
value 0.00063
scoring_system epss
scoring_elements 0.19722
published_at 2026-04-18T12:55:00Z
9
value 0.00063
scoring_system epss
scoring_elements 0.19785
published_at 2026-04-01T12:55:00Z
10
value 0.00063
scoring_system epss
scoring_elements 0.19931
published_at 2026-04-02T12:55:00Z
11
value 0.00063
scoring_system epss
scoring_elements 0.19986
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-1906
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1906
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1906
5
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/74793
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/74793
6
reference_url https://github.com/puppetlabs/puppet/commit/f7829ec1f1b2c3def8e0eda09c22c3c1fed3a27f
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/f7829ec1f1b2c3def8e0eda09c22c3c1fed3a27f
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1906.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1906.yml
8
reference_url https://ubuntu.com/usn/usn-1419-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://ubuntu.com/usn/usn-1419-1
9
reference_url https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975
10
reference_url https://www.debian.org/security/2012/dsa-2451
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2012/dsa-2451
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2236311
reference_id 2236311
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2236311
12
reference_url http://puppetlabs.com/security/cve/cve-2012-1906/
reference_id CVE-2012-1906
reference_type
scores
url http://puppetlabs.com/security/cve/cve-2012-1906/
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-1906
reference_id CVE-2012-1906
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-1906
14
reference_url https://github.com/advisories/GHSA-c4mc-49hq-q275
reference_id GHSA-c4mc-49hq-q275
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c4mc-49hq-q275
15
reference_url https://security.gentoo.org/glsa/201208-02
reference_id GLSA-201208-02
reference_type
scores
url https://security.gentoo.org/glsa/201208-02
16
reference_url https://usn.ubuntu.com/1419-1/
reference_id USN-1419-1
reference_type
scores
url https://usn.ubuntu.com/1419-1/
fixed_packages
0
url pkg:deb/debian/puppet@2.7.13-1?distro=bullseye
purl pkg:deb/debian/puppet@2.7.13-1?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.13-1%3Fdistro=bullseye
1
url pkg:deb/debian/puppet@5.5.22-2?distro=bullseye
purl pkg:deb/debian/puppet@5.5.22-2?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye
aliases CVE-2012-1906, GHSA-c4mc-49hq-q275
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tetf-xa1u-uffv
4
url VCID-yycs-ny3v-pyeh
vulnerability_id VCID-yycs-ny3v-pyeh
summary 
Multiple vulnerabilities have been found in Puppet, the worst of
    which could lead to execution of arbitrary code.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1986.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1986.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-1986
reference_id
reference_type
scores
0
value 0.00374
scoring_system epss
scoring_elements 0.58974
published_at 2026-04-01T12:55:00Z
1
value 0.00374
scoring_system epss
scoring_elements 0.59049
published_at 2026-04-02T12:55:00Z
2
value 0.00374
scoring_system epss
scoring_elements 0.59071
published_at 2026-04-04T12:55:00Z
3
value 0.00374
scoring_system epss
scoring_elements 0.59036
published_at 2026-04-07T12:55:00Z
4
value 0.00374
scoring_system epss
scoring_elements 0.59087
published_at 2026-04-08T12:55:00Z
5
value 0.00374
scoring_system epss
scoring_elements 0.59093
published_at 2026-04-12T12:55:00Z
6
value 0.00374
scoring_system epss
scoring_elements 0.59111
published_at 2026-04-11T12:55:00Z
7
value 0.00374
scoring_system epss
scoring_elements 0.59075
published_at 2026-04-13T12:55:00Z
8
value 0.00374
scoring_system epss
scoring_elements 0.5911
published_at 2026-04-16T12:55:00Z
9
value 0.00374
scoring_system epss
scoring_elements 0.59115
published_at 2026-04-18T12:55:00Z
10
value 0.00374
scoring_system epss
scoring_elements 0.59095
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-1986
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1986
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1986
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=810069
reference_id 810069
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=810069
4
reference_url https://security.gentoo.org/glsa/201208-02
reference_id GLSA-201208-02
reference_type
scores
url https://security.gentoo.org/glsa/201208-02
5
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
6
reference_url https://usn.ubuntu.com/1419-1/
reference_id USN-1419-1
reference_type
scores
url https://usn.ubuntu.com/1419-1/
fixed_packages
0
url pkg:deb/debian/puppet@2.7.13-1?distro=bullseye
purl pkg:deb/debian/puppet@2.7.13-1?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.13-1%3Fdistro=bullseye
1
url pkg:deb/debian/puppet@5.5.22-2?distro=bullseye
purl pkg:deb/debian/puppet@5.5.22-2?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye
aliases CVE-2012-1986
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yycs-ny3v-pyeh
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.13-1%3Fdistro=bullseye