Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/puppet@4.7.0-1?distro=bullseye

Type deb

Namespace debian

Name puppet

Version 4.7.0-1

Qualifiers

distro	bullseye

Subpath

Is_vulnerable false

Next_non_vulnerable_version 4.8.0-1

Latest_non_vulnerable_version 5.5.22-2

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-bt3p-h1js-53gg

vulnerability_id VCID-bt3p-h1js-53gg

summary Versions of Puppet Agent prior to 1.6.0 included a version of the Puppet Execution Protocol (PXP) agent that passed environment variables through to Puppet runs. This could allow unauthorized code to be loaded. This bug was first introduced in Puppet Agent 1.3.0.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-5713

reference_id

reference_type

scores

value	0.0112
scoring_system	epss
scoring_elements	0.78323
published_at	2026-04-29T12:55:00Z

value	0.0112
scoring_system	epss
scoring_elements	0.78307
published_at	2026-04-26T12:55:00Z

value	0.0112
scoring_system	epss
scoring_elements	0.78185
published_at	2026-04-01T12:55:00Z

value	0.0112
scoring_system	epss
scoring_elements	0.78194
published_at	2026-04-02T12:55:00Z

value	0.0112
scoring_system	epss
scoring_elements	0.78224
published_at	2026-04-04T12:55:00Z

value	0.0112
scoring_system	epss
scoring_elements	0.78206
published_at	2026-04-07T12:55:00Z

value	0.0112
scoring_system	epss
scoring_elements	0.78232
published_at	2026-04-08T12:55:00Z

value	0.0112
scoring_system	epss
scoring_elements	0.78238
published_at	2026-04-09T12:55:00Z

value	0.0112
scoring_system	epss
scoring_elements	0.78264
published_at	2026-04-11T12:55:00Z

value	0.0112
scoring_system	epss
scoring_elements	0.78247
published_at	2026-04-12T12:55:00Z

value	0.0112
scoring_system	epss
scoring_elements	0.78242
published_at	2026-04-13T12:55:00Z

value	0.0112
scoring_system	epss
scoring_elements	0.78274
published_at	2026-04-16T12:55:00Z

value	0.0112
scoring_system	epss
scoring_elements	0.78271
published_at	2026-04-18T12:55:00Z

value	0.0112
scoring_system	epss
scoring_elements	0.78268
published_at	2026-04-21T12:55:00Z

value	0.0112
scoring_system	epss
scoring_elements	0.78301
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-5713

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5713
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5713

reference_url	https://puppet.com/security/cve/cve-2016-5713
reference_id
reference_type
scores
url	https://puppet.com/security/cve/cve-2016-5713

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_agent::::::::
reference_id	cpe:2.3:a:puppet:puppet_agent::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_agent::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-5713

reference_id

CVE-2016-5713

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-5713

fixed_packages

url	pkg:deb/debian/puppet@4.7.0-1?distro=bullseye
purl	pkg:deb/debian/puppet@4.7.0-1?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@4.7.0-1%3Fdistro=bullseye

url	pkg:deb/debian/puppet@5.5.22-2?distro=bullseye
purl	pkg:deb/debian/puppet@5.5.22-2?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye

aliases CVE-2016-5713

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bt3p-h1js-53gg

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@4.7.0-1%3Fdistro=bullseye

Package Instance