Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/935971?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/935971?format=api", "purl": "pkg:deb/debian/puppet@2.7.18-1?distro=bullseye", "type": "deb", "namespace": "debian", "name": "puppet", "version": "2.7.18-1", "qualifiers": { "distro": "bullseye" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2.7.18-3", "latest_non_vulnerable_version": "5.5.22-2", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8391?format=api", "vulnerability_id": "VCID-75gs-2gu3-6udx", "summary": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')\nDirectory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. (dot dot) in a node name.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html" }, { "reference_url": "http://puppetlabs.com/security/cve/cve-2012-3865", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://puppetlabs.com/security/cve/cve-2012-3865" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3865.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3865.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3865", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01176", "scoring_system": "epss", "scoring_elements": "0.7874", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01176", "scoring_system": "epss", "scoring_elements": "0.78679", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01176", "scoring_system": "epss", "scoring_elements": "0.78711", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01176", "scoring_system": "epss", "scoring_elements": "0.78719", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01176", "scoring_system": "epss", "scoring_elements": "0.78737", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01176", "scoring_system": "epss", "scoring_elements": "0.78705", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01176", "scoring_system": "epss", "scoring_elements": "0.78712", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01176", "scoring_system": "epss", "scoring_elements": "0.78734", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01176", "scoring_system": "epss", "scoring_elements": "0.78738", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0215", "scoring_system": "epss", "scoring_elements": "0.84187", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0215", "scoring_system": "epss", "scoring_elements": "0.84205", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0215", "scoring_system": "epss", "scoring_elements": "0.84174", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3865" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=839131", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=839131" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3865" }, { "reference_url": "http://secunia.com/advisories/50014", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/50014" }, { "reference_url": "https://github.com/puppetlabs/puppet", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet" }, { "reference_url": "https://github.com/puppetlabs/puppet/commit/554eefc55f57ed2b76e5ee04d8f194d36f6ee67f", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commit/554eefc55f57ed2b76e5ee04d8f194d36f6ee67f" }, { "reference_url": "https://github.com/puppetlabs/puppet/commit/d80478208d79a3e6d6cb1fbc525e24817fe8c4c6", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commit/d80478208d79a3e6d6cb1fbc525e24817fe8c4c6" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/CVE-2012-3865.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/CVE-2012-3865.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3865.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3865.yml" }, { "reference_url": "https://www.puppet.com/security/cve/overview-cve-2012-3865-arbitrary-file-delete/dos-puppet-master", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.puppet.com/security/cve/overview-cve-2012-3865-arbitrary-file-delete/dos-puppet-master" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2511", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2012/dsa-2511" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1506-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-1506-1" }, { "reference_url": "http://puppetlabs.com/security/cve/cve-2012-3865/", "reference_id": "CVE-2012-3865", "reference_type": "", "scores": [], "url": "http://puppetlabs.com/security/cve/cve-2012-3865/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3865", "reference_id": "CVE-2012-3865", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3865" }, { "reference_url": "https://github.com/advisories/GHSA-g89m-3wjw-h857", "reference_id": "GHSA-g89m-3wjw-h857", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g89m-3wjw-h857" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1542", "reference_id": "RHSA-2012:1542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1542" }, { "reference_url": "https://usn.ubuntu.com/1506-1/", "reference_id": "USN-1506-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1506-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935971?format=api", "purl": "pkg:deb/debian/puppet@2.7.18-1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.18-1%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935962?format=api", "purl": "pkg:deb/debian/puppet@5.5.22-2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2012-3865", "GHSA-g89m-3wjw-h857" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-75gs-2gu3-6udx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8424?format=api", "vulnerability_id": "VCID-b94j-dcjk-eqeu", "summary": "Improper Authentication\nlib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet Enterprise before 2.5.2, supports use of IP addresses in certnames without warning of potential risks, which might allow remote attackers to spoof an agent by acquiring a previously used IP address.", "references": [ { "reference_url": "http://puppetlabs.com/security/cve/cve-2012-3408", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://puppetlabs.com/security/cve/cve-2012-3408" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3408.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3408.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3408", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49124", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49119", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49116", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49133", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49107", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49113", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49158", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49156", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49049", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49083", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49111", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49065", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3408" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=839166", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=839166" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3408" }, { "reference_url": "https://github.com/puppetlabs/puppet", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet" }, { "reference_url": "https://github.com/puppetlabs/puppet/commit/ab9150baa1b738467a33b01df1d90e076253fbbd", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commit/ab9150baa1b738467a33b01df1d90e076253fbbd" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3408.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3408.yml" }, { "reference_url": "https://www.puppet.com/security/cve/cve-2012-3408-agent-impersonation", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.puppet.com/security/cve/cve-2012-3408-agent-impersonation" }, { "reference_url": "http://puppetlabs.com/security/cve/cve-2012-3408/", "reference_id": "CVE-2012-3408", "reference_type": "", "scores": [], "url": "http://puppetlabs.com/security/cve/cve-2012-3408/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3408", "reference_id": "CVE-2012-3408", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3408" }, { "reference_url": "https://github.com/advisories/GHSA-vxf6-w9mp-95hm", "reference_id": "GHSA-vxf6-w9mp-95hm", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vxf6-w9mp-95hm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935971?format=api", "purl": "pkg:deb/debian/puppet@2.7.18-1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.18-1%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935962?format=api", "purl": "pkg:deb/debian/puppet@5.5.22-2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2012-3408", "GHSA-vxf6-w9mp-95hm" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b94j-dcjk-eqeu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/87047?format=api", "vulnerability_id": "VCID-rrky-upea-nfd4", "summary": "puppet: authenticated clients allowed to read arbitrary files from the puppet master", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3864.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3864.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3864", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54466", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54542", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54565", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54534", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54586", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.5458", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54592", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54574", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54553", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.5459", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54569", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3864" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3864", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3864" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=839130", "reference_id": "839130", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=839130" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1542", "reference_id": "RHSA-2012:1542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1542" }, { "reference_url": "https://usn.ubuntu.com/1506-1/", "reference_id": "USN-1506-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1506-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935971?format=api", "purl": "pkg:deb/debian/puppet@2.7.18-1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.18-1%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935962?format=api", "purl": "pkg:deb/debian/puppet@5.5.22-2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2012-3864" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rrky-upea-nfd4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8419?format=api", "vulnerability_id": "VCID-vgbw-4yuu-57fz", "summary": "Low severity vulnerability that affects puppet\nlib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for last_run_report.yaml, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master server to read this file.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html" }, { "reference_url": "http://puppetlabs.com/security/cve/cve-2012-3866", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://puppetlabs.com/security/cve/cve-2012-3866" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3866", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15529", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15712", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15776", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.1558", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15666", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15725", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15692", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15657", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15593", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.1552", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15674", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3866" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=839135", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=839135" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3866", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3866" }, { "reference_url": "http://secunia.com/advisories/50014", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/50014" }, { "reference_url": "https://github.com/puppetlabs/puppet", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet" }, { "reference_url": "https://github.com/puppetlabs/puppet/commit/fd44bf5e6d0d360f6a493d663b653c121fa83c3f", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commit/fd44bf5e6d0d360f6a493d663b653c121fa83c3f" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3866.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3866.yml" }, { "reference_url": "https://www.puppet.com/security/cve/cve-2012-3866-lastrunreportyaml-world-readable", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.puppet.com/security/cve/cve-2012-3866-lastrunreportyaml-world-readable" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2511", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2012/dsa-2511" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1506-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-1506-1" }, { "reference_url": "http://puppetlabs.com/security/cve/cve-2012-3866/", "reference_id": "CVE-2012-3866", "reference_type": "", "scores": [], "url": "http://puppetlabs.com/security/cve/cve-2012-3866/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3866", "reference_id": "CVE-2012-3866", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3866" }, { "reference_url": "https://github.com/advisories/GHSA-8jxj-9r5f-w3m2", "reference_id": "GHSA-8jxj-9r5f-w3m2", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8jxj-9r5f-w3m2" }, { "reference_url": "https://usn.ubuntu.com/1506-1/", "reference_id": "USN-1506-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1506-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935971?format=api", "purl": "pkg:deb/debian/puppet@2.7.18-1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.18-1%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935962?format=api", "purl": "pkg:deb/debian/puppet@5.5.22-2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2012-3866", "GHSA-8jxj-9r5f-w3m2" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vgbw-4yuu-57fz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8401?format=api", "vulnerability_id": "VCID-wage-71h9-6qay", "summary": "Moderate severity vulnerability that affects puppet\nlib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html" }, { "reference_url": "http://puppetlabs.com/security/cve/cve-2012-3867", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://puppetlabs.com/security/cve/cve-2012-3867" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3867.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3867.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3867", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01418", "scoring_system": "epss", "scoring_elements": "0.80599", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01418", "scoring_system": "epss", "scoring_elements": "0.80571", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01418", "scoring_system": "epss", "scoring_elements": "0.80578", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01418", "scoring_system": "epss", "scoring_elements": "0.80544", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01418", "scoring_system": "epss", "scoring_elements": "0.80604", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01418", "scoring_system": "epss", "scoring_elements": "0.80601", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01418", "scoring_system": "epss", "scoring_elements": "0.80536", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01418", "scoring_system": "epss", "scoring_elements": "0.80592", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01418", "scoring_system": "epss", "scoring_elements": "0.80575", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01418", "scoring_system": "epss", "scoring_elements": "0.80565", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01418", "scoring_system": "epss", "scoring_elements": "0.80516", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01418", "scoring_system": "epss", "scoring_elements": "0.80522", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3867" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=839158", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=839158" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3867", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3867" }, { "reference_url": "http://secunia.com/advisories/50014", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/50014" }, { "reference_url": "https://github.com/puppetlabs/puppet", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet" }, { "reference_url": "https://github.com/puppetlabs/puppet/commit/dfedaa5fa841ccf335245a748b347b7c7c236640", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commit/dfedaa5fa841ccf335245a748b347b7c7c236640" }, { "reference_url": "https://github.com/puppetlabs/puppet/commit/f3419620b42080dad3b0be14470b20a972f13c50", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puppetlabs/puppet/commit/f3419620b42080dad3b0be14470b20a972f13c50" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3867.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3867.yml" }, { "reference_url": "https://www.puppet.com/security/cve/cve-2012-3867-insufficient-input-validation", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.puppet.com/security/cve/cve-2012-3867-insufficient-input-validation" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2511", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2012/dsa-2511" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1506-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-1506-1" }, { "reference_url": "http://puppetlabs.com/security/cve/cve-2012-3867/", "reference_id": "CVE-2012-3867", "reference_type": "", "scores": [], "url": "http://puppetlabs.com/security/cve/cve-2012-3867/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3867", "reference_id": "CVE-2012-3867", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3867" }, { "reference_url": "https://github.com/advisories/GHSA-q44r-f2hm-v76v", "reference_id": "GHSA-q44r-f2hm-v76v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q44r-f2hm-v76v" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1542", "reference_id": "RHSA-2012:1542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1542" }, { "reference_url": "https://usn.ubuntu.com/1506-1/", "reference_id": "USN-1506-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1506-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935971?format=api", "purl": "pkg:deb/debian/puppet@2.7.18-1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.18-1%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/935962?format=api", "purl": "pkg:deb/debian/puppet@5.5.22-2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2012-3867", "GHSA-q44r-f2hm-v76v" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wage-71h9-6qay" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.18-1%3Fdistro=bullseye" }