Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-v9kt-4vxm-ekdw

Summary

Multiple vulnerabilities have been found in Puppet, the worst of
    which could lead to execution of arbitrary code.

Aliases

alias	CVE-2012-6120

Fixed_packages

url	pkg:deb/debian/puppet@2.6.4-2?distro=bullseye
purl	pkg:deb/debian/puppet@2.6.4-2?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.6.4-2%3Fdistro=bullseye

url pkg:deb/debian/puppet@2.7.23-1~deb7u3

purl pkg:deb/debian/puppet@2.7.23-1~deb7u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18aq-72zg-3uc9

vulnerability	VCID-3kma-3ffw-8qd9

vulnerability	VCID-5g6u-uvej-xbad

vulnerability	VCID-73uh-2gkm-6kgy

vulnerability	VCID-7ypq-wmb7-quhc

vulnerability	VCID-8xgm-pabz-hkeg

vulnerability	VCID-bt3p-h1js-53gg

vulnerability	VCID-fjbx-bqnn-2bf3

vulnerability	VCID-kkve-dj7r-gue1

vulnerability	VCID-wkb1-dm1m-67db

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3

url	pkg:deb/debian/puppet@5.5.22-2?distro=bullseye
purl	pkg:deb/debian/puppet@5.5.22-2?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye

url	pkg:ebuild/app-admin/puppet@2.7.23
purl	pkg:ebuild/app-admin/puppet@2.7.23
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/puppet@2.7.23

Affected_packages

url pkg:deb/debian/puppet@0.20.1-1

purl pkg:deb/debian/puppet@0.20.1-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18aq-72zg-3uc9

vulnerability	VCID-2jc8-n1j4-m7c6

vulnerability	VCID-3kma-3ffw-8qd9

vulnerability	VCID-3zzj-krc5-skea

vulnerability	VCID-5g6u-uvej-xbad

vulnerability	VCID-5qhd-8wfe-27dy

vulnerability	VCID-72s2-y7m6-kuf6

vulnerability	VCID-73uh-2gkm-6kgy

vulnerability	VCID-75gs-2gu3-6udx

vulnerability	VCID-7jtp-a1nw-bqfs

vulnerability	VCID-7ypq-wmb7-quhc

vulnerability	VCID-8xgm-pabz-hkeg

vulnerability	VCID-a7cn-eqbq-qyb1

vulnerability	VCID-absc-ndrs-yqep

vulnerability	VCID-b94j-dcjk-eqeu

vulnerability	VCID-bt3p-h1js-53gg

vulnerability	VCID-fdk4-8wtn-nqct

vulnerability	VCID-fjbx-bqnn-2bf3

vulnerability	VCID-h88b-abes-3bgr

vulnerability	VCID-jhkk-5euf-uked

vulnerability	VCID-kkve-dj7r-gue1

vulnerability	VCID-kt2h-k72f-tqc7

vulnerability	VCID-nf2h-5vd2-6kb1

vulnerability	VCID-pdpa-qfpq-zkcq

vulnerability	VCID-pgg8-9sk2-57ee

vulnerability	VCID-rfcx-7kc9-mbcr

vulnerability	VCID-rrky-upea-nfd4

vulnerability	VCID-sweb-hbec-k3ha

vulnerability	VCID-tetf-xa1u-uffv

vulnerability	VCID-txx3-3fzg-33cp

vulnerability	VCID-v9kt-4vxm-ekdw

vulnerability	VCID-vgbw-4yuu-57fz

vulnerability	VCID-vrzs-81t1-jyax

vulnerability	VCID-wage-71h9-6qay

vulnerability	VCID-wdwr-8m6q-kff5

vulnerability	VCID-wkb1-dm1m-67db

vulnerability	VCID-ww8x-tzxr-4qbn

vulnerability	VCID-yycs-ny3v-pyeh

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@0.20.1-1

url pkg:deb/debian/puppet@0.24.5-3%2Blenny2

purl pkg:deb/debian/puppet@0.24.5-3%2Blenny2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18aq-72zg-3uc9

vulnerability	VCID-2jc8-n1j4-m7c6

vulnerability	VCID-3kma-3ffw-8qd9

vulnerability	VCID-3zzj-krc5-skea

vulnerability	VCID-5g6u-uvej-xbad

vulnerability	VCID-5qhd-8wfe-27dy

vulnerability	VCID-72s2-y7m6-kuf6

vulnerability	VCID-73uh-2gkm-6kgy

vulnerability	VCID-75gs-2gu3-6udx

vulnerability	VCID-7jtp-a1nw-bqfs

vulnerability	VCID-7ypq-wmb7-quhc

vulnerability	VCID-8xgm-pabz-hkeg

vulnerability	VCID-a7cn-eqbq-qyb1

vulnerability	VCID-absc-ndrs-yqep

vulnerability	VCID-b94j-dcjk-eqeu

vulnerability	VCID-bt3p-h1js-53gg

vulnerability	VCID-fdk4-8wtn-nqct

vulnerability	VCID-fjbx-bqnn-2bf3

vulnerability	VCID-h88b-abes-3bgr

vulnerability	VCID-jhkk-5euf-uked

vulnerability	VCID-kkve-dj7r-gue1

vulnerability	VCID-kt2h-k72f-tqc7

vulnerability	VCID-nf2h-5vd2-6kb1

vulnerability	VCID-pdpa-qfpq-zkcq

vulnerability	VCID-pgg8-9sk2-57ee

vulnerability	VCID-rfcx-7kc9-mbcr

vulnerability	VCID-rrky-upea-nfd4

vulnerability	VCID-sweb-hbec-k3ha

vulnerability	VCID-tetf-xa1u-uffv

vulnerability	VCID-txx3-3fzg-33cp

vulnerability	VCID-v9kt-4vxm-ekdw

vulnerability	VCID-vgbw-4yuu-57fz

vulnerability	VCID-vrzs-81t1-jyax

vulnerability	VCID-wage-71h9-6qay

vulnerability	VCID-wdwr-8m6q-kff5

vulnerability	VCID-wkb1-dm1m-67db

vulnerability	VCID-ww8x-tzxr-4qbn

vulnerability	VCID-yycs-ny3v-pyeh

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@0.24.5-3%252Blenny2

url pkg:deb/debian/puppet@2.6.2-5%2Bsqueeze9

purl pkg:deb/debian/puppet@2.6.2-5%2Bsqueeze9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18aq-72zg-3uc9

vulnerability	VCID-2jc8-n1j4-m7c6

vulnerability	VCID-3kma-3ffw-8qd9

vulnerability	VCID-3zzj-krc5-skea

vulnerability	VCID-5g6u-uvej-xbad

vulnerability	VCID-72s2-y7m6-kuf6

vulnerability	VCID-73uh-2gkm-6kgy

vulnerability	VCID-75gs-2gu3-6udx

vulnerability	VCID-7jtp-a1nw-bqfs

vulnerability	VCID-7ypq-wmb7-quhc

vulnerability	VCID-8xgm-pabz-hkeg

vulnerability	VCID-a7cn-eqbq-qyb1

vulnerability	VCID-b94j-dcjk-eqeu

vulnerability	VCID-bt3p-h1js-53gg

vulnerability	VCID-fdk4-8wtn-nqct

vulnerability	VCID-fjbx-bqnn-2bf3

vulnerability	VCID-h88b-abes-3bgr

vulnerability	VCID-jhkk-5euf-uked

vulnerability	VCID-kkve-dj7r-gue1

vulnerability	VCID-kt2h-k72f-tqc7

vulnerability	VCID-nf2h-5vd2-6kb1

vulnerability	VCID-pdpa-qfpq-zkcq

vulnerability	VCID-pgg8-9sk2-57ee

vulnerability	VCID-rfcx-7kc9-mbcr

vulnerability	VCID-rrky-upea-nfd4

vulnerability	VCID-sweb-hbec-k3ha

vulnerability	VCID-tetf-xa1u-uffv

vulnerability	VCID-txx3-3fzg-33cp

vulnerability	VCID-v9kt-4vxm-ekdw

vulnerability	VCID-vgbw-4yuu-57fz

vulnerability	VCID-vrzs-81t1-jyax

vulnerability	VCID-wage-71h9-6qay

vulnerability	VCID-wdwr-8m6q-kff5

vulnerability	VCID-wkb1-dm1m-67db

vulnerability	VCID-yycs-ny3v-pyeh

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.6.2-5%252Bsqueeze9

url pkg:deb/debian/puppet@2.6.2-5%2Bsqueeze10

purl pkg:deb/debian/puppet@2.6.2-5%2Bsqueeze10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18aq-72zg-3uc9

vulnerability	VCID-2jc8-n1j4-m7c6

vulnerability	VCID-3kma-3ffw-8qd9

vulnerability	VCID-3zzj-krc5-skea

vulnerability	VCID-5g6u-uvej-xbad

vulnerability	VCID-72s2-y7m6-kuf6

vulnerability	VCID-73uh-2gkm-6kgy

vulnerability	VCID-75gs-2gu3-6udx

vulnerability	VCID-7jtp-a1nw-bqfs

vulnerability	VCID-7ypq-wmb7-quhc

vulnerability	VCID-8xgm-pabz-hkeg

vulnerability	VCID-a7cn-eqbq-qyb1

vulnerability	VCID-b94j-dcjk-eqeu

vulnerability	VCID-bt3p-h1js-53gg

vulnerability	VCID-fdk4-8wtn-nqct

vulnerability	VCID-fjbx-bqnn-2bf3

vulnerability	VCID-h88b-abes-3bgr

vulnerability	VCID-jhkk-5euf-uked

vulnerability	VCID-kkve-dj7r-gue1

vulnerability	VCID-kt2h-k72f-tqc7

vulnerability	VCID-nf2h-5vd2-6kb1

vulnerability	VCID-pdpa-qfpq-zkcq

vulnerability	VCID-pgg8-9sk2-57ee

vulnerability	VCID-rfcx-7kc9-mbcr

vulnerability	VCID-rrky-upea-nfd4

vulnerability	VCID-sweb-hbec-k3ha

vulnerability	VCID-tetf-xa1u-uffv

vulnerability	VCID-txx3-3fzg-33cp

vulnerability	VCID-v9kt-4vxm-ekdw

vulnerability	VCID-vgbw-4yuu-57fz

vulnerability	VCID-vrzs-81t1-jyax

vulnerability	VCID-wage-71h9-6qay

vulnerability	VCID-wdwr-8m6q-kff5

vulnerability	VCID-wkb1-dm1m-67db

vulnerability	VCID-yycs-ny3v-pyeh

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.6.2-5%252Bsqueeze10

url pkg:rpm/redhat/puppet@2.6.18-1?arch=el6ost

purl pkg:rpm/redhat/puppet@2.6.18-1?arch=el6ost

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3zzj-krc5-skea

vulnerability	VCID-7jtp-a1nw-bqfs

vulnerability	VCID-rfcx-7kc9-mbcr

vulnerability	VCID-sweb-hbec-k3ha

vulnerability	VCID-v9kt-4vxm-ekdw

vulnerability	VCID-wdwr-8m6q-kff5

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/puppet@2.6.18-1%3Farch=el6ost

References

reference_url	http://rhn.redhat.com/errata/RHSA-2013-0710.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2013-0710.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6120.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6120.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-6120

reference_id

reference_type

scores

value	0.00042
scoring_system	epss
scoring_elements	0.12823
published_at	2026-04-16T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12968
published_at	2026-04-12T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.13059
published_at	2026-04-02T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.13111
published_at	2026-04-04T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12914
published_at	2026-04-07T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12994
published_at	2026-04-08T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.13045
published_at	2026-04-09T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.13007
published_at	2026-04-11T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12923
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-6120

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6120
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6120

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=908629
reference_id	908629
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=908629

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack_essex:-:::::::*
reference_id	cpe:2.3:a:redhat:openstack_essex:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack_essex:-:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack_folsom:-:::::::*
reference_id	cpe:2.3:a:redhat:openstack_folsom:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack_folsom:-:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-6120

reference_id

CVE-2012-6120

reference_type

scores

value	2.1
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:N/C:P/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2012-6120

reference_url	https://security.gentoo.org/glsa/201308-04
reference_id	GLSA-201308-04
reference_type
scores
url	https://security.gentoo.org/glsa/201308-04

reference_url	https://access.redhat.com/errata/RHSA-2013:0710
reference_id	RHSA-2013:0710
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:0710

Weaknesses

cwe_id	264
name	Permissions, Privileges, and Access Controls
description	Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Exploits

Severity_range_score 2.1 - 2.1

Exploitability 0.5

Weighted_severity 1.9

Risk_score 0.9

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v9kt-4vxm-ekdw

Vulnerability Instance