Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-wmv1-2hjk-8ycf

Summary The (1) template and (2) inline_template functions in the master server in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users to execute arbitrary code via a crafted catalog request.

Aliases

alias	CVE-2013-1640

Fixed_packages

url	pkg:deb/debian/puppet@2.7.18-3?distro=bullseye
purl	pkg:deb/debian/puppet@2.7.18-3?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.18-3%3Fdistro=bullseye

url pkg:deb/debian/puppet@2.7.23-1~deb7u3

purl pkg:deb/debian/puppet@2.7.23-1~deb7u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1n9j-3ymz-dub5

vulnerability	VCID-38dv-ps67-r7f7

vulnerability	VCID-3xtf-acbg-nqhe

vulnerability	VCID-86jb-mnzj-e3cy

vulnerability	VCID-b5ns-wtb6-fkha

vulnerability	VCID-jj8h-wz8z-xfbq

vulnerability	VCID-mn3q-6cs1-ukcq

vulnerability	VCID-nrht-tzzq-eqhs

vulnerability	VCID-wqeh-3r7d-7ffz

vulnerability	VCID-wqm7-m41f-pqfm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3

url	pkg:deb/debian/puppet@5.5.22-2?distro=bullseye
purl	pkg:deb/debian/puppet@5.5.22-2?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye

url	pkg:ebuild/app-admin/puppet@2.7.23
purl	pkg:ebuild/app-admin/puppet@2.7.23
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/puppet@2.7.23

Affected_packages

url pkg:deb/debian/puppet@0.20.1-1

purl pkg:deb/debian/puppet@0.20.1-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1n9j-3ymz-dub5

vulnerability	VCID-38dv-ps67-r7f7

vulnerability	VCID-3xtf-acbg-nqhe

vulnerability	VCID-6816-tprb-zqgt

vulnerability	VCID-7gsz-qxb2-mbe7

vulnerability	VCID-7wuf-dtva-x7ej

vulnerability	VCID-86jb-mnzj-e3cy

vulnerability	VCID-982t-up4e-t7eg

vulnerability	VCID-9t7v-tnzt-cqa6

vulnerability	VCID-b5ns-wtb6-fkha

vulnerability	VCID-c6dw-92d3-n7c5

vulnerability	VCID-df8e-jf8b-puec

vulnerability	VCID-djqs-7e92-wbb7

vulnerability	VCID-ear8-9pcm-zqfz

vulnerability	VCID-ej47-hdx8-pbhp

vulnerability	VCID-fjyu-jwpx-sfe5

vulnerability	VCID-fwaq-2kzp-2kgc

vulnerability	VCID-g1nc-3ca8-xkes

vulnerability	VCID-g5ek-ebw1-ebhf

vulnerability	VCID-gfnp-y7y2-f7fu

vulnerability	VCID-jj8h-wz8z-xfbq

vulnerability	VCID-jrdk-dzhe-z7ff

vulnerability	VCID-jwz8-kbu1-f3d7

vulnerability	VCID-khb1-phav-ukf8

vulnerability	VCID-mn3q-6cs1-ukcq

vulnerability	VCID-mntc-3nm2-xybw

vulnerability	VCID-msp5-ahmq-hbc3

vulnerability	VCID-nrht-tzzq-eqhs

vulnerability	VCID-qhz5-1muw-dqgn

vulnerability	VCID-ta3j-j5s5-hfba

vulnerability	VCID-thv1-66q2-uuc9

vulnerability	VCID-vxdt-q1t7-27hh

vulnerability	VCID-wmv1-2hjk-8ycf

vulnerability	VCID-wpqq-eg3b-3kcc

vulnerability	VCID-wqeh-3r7d-7ffz

vulnerability	VCID-wqm7-m41f-pqfm

vulnerability	VCID-xhmp-nrhy-zfcn

vulnerability	VCID-xxht-cd83-7qb9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@0.20.1-1

url pkg:deb/debian/puppet@0.24.5-3%2Blenny2

purl pkg:deb/debian/puppet@0.24.5-3%2Blenny2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1n9j-3ymz-dub5

vulnerability	VCID-38dv-ps67-r7f7

vulnerability	VCID-3xtf-acbg-nqhe

vulnerability	VCID-6816-tprb-zqgt

vulnerability	VCID-7gsz-qxb2-mbe7

vulnerability	VCID-7wuf-dtva-x7ej

vulnerability	VCID-86jb-mnzj-e3cy

vulnerability	VCID-982t-up4e-t7eg

vulnerability	VCID-9t7v-tnzt-cqa6

vulnerability	VCID-b5ns-wtb6-fkha

vulnerability	VCID-c6dw-92d3-n7c5

vulnerability	VCID-df8e-jf8b-puec

vulnerability	VCID-djqs-7e92-wbb7

vulnerability	VCID-ear8-9pcm-zqfz

vulnerability	VCID-ej47-hdx8-pbhp

vulnerability	VCID-fjyu-jwpx-sfe5

vulnerability	VCID-fwaq-2kzp-2kgc

vulnerability	VCID-g1nc-3ca8-xkes

vulnerability	VCID-g5ek-ebw1-ebhf

vulnerability	VCID-gfnp-y7y2-f7fu

vulnerability	VCID-jj8h-wz8z-xfbq

vulnerability	VCID-jrdk-dzhe-z7ff

vulnerability	VCID-jwz8-kbu1-f3d7

vulnerability	VCID-khb1-phav-ukf8

vulnerability	VCID-mn3q-6cs1-ukcq

vulnerability	VCID-mntc-3nm2-xybw

vulnerability	VCID-msp5-ahmq-hbc3

vulnerability	VCID-nrht-tzzq-eqhs

vulnerability	VCID-qhz5-1muw-dqgn

vulnerability	VCID-ta3j-j5s5-hfba

vulnerability	VCID-thv1-66q2-uuc9

vulnerability	VCID-vxdt-q1t7-27hh

vulnerability	VCID-wmv1-2hjk-8ycf

vulnerability	VCID-wpqq-eg3b-3kcc

vulnerability	VCID-wqeh-3r7d-7ffz

vulnerability	VCID-wqm7-m41f-pqfm

vulnerability	VCID-xhmp-nrhy-zfcn

vulnerability	VCID-xxht-cd83-7qb9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@0.24.5-3%252Blenny2

url pkg:deb/debian/puppet@2.6.2-5%2Bsqueeze9

purl pkg:deb/debian/puppet@2.6.2-5%2Bsqueeze9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1n9j-3ymz-dub5

vulnerability	VCID-38dv-ps67-r7f7

vulnerability	VCID-3xtf-acbg-nqhe

vulnerability	VCID-6816-tprb-zqgt

vulnerability	VCID-7gsz-qxb2-mbe7

vulnerability	VCID-7wuf-dtva-x7ej

vulnerability	VCID-86jb-mnzj-e3cy

vulnerability	VCID-9t7v-tnzt-cqa6

vulnerability	VCID-b5ns-wtb6-fkha

vulnerability	VCID-c6dw-92d3-n7c5

vulnerability	VCID-df8e-jf8b-puec

vulnerability	VCID-djqs-7e92-wbb7

vulnerability	VCID-ear8-9pcm-zqfz

vulnerability	VCID-ej47-hdx8-pbhp

vulnerability	VCID-fjyu-jwpx-sfe5

vulnerability	VCID-fwaq-2kzp-2kgc

vulnerability	VCID-g1nc-3ca8-xkes

vulnerability	VCID-g5ek-ebw1-ebhf

vulnerability	VCID-gfnp-y7y2-f7fu

vulnerability	VCID-jj8h-wz8z-xfbq

vulnerability	VCID-jrdk-dzhe-z7ff

vulnerability	VCID-jwz8-kbu1-f3d7

vulnerability	VCID-khb1-phav-ukf8

vulnerability	VCID-mn3q-6cs1-ukcq

vulnerability	VCID-mntc-3nm2-xybw

vulnerability	VCID-nrht-tzzq-eqhs

vulnerability	VCID-qhz5-1muw-dqgn

vulnerability	VCID-ta3j-j5s5-hfba

vulnerability	VCID-thv1-66q2-uuc9

vulnerability	VCID-vxdt-q1t7-27hh

vulnerability	VCID-wmv1-2hjk-8ycf

vulnerability	VCID-wqeh-3r7d-7ffz

vulnerability	VCID-wqm7-m41f-pqfm

vulnerability	VCID-xhmp-nrhy-zfcn

vulnerability	VCID-xxht-cd83-7qb9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.6.2-5%252Bsqueeze9

url pkg:deb/debian/puppet@2.6.2-5%2Bsqueeze10

purl pkg:deb/debian/puppet@2.6.2-5%2Bsqueeze10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1n9j-3ymz-dub5

vulnerability	VCID-38dv-ps67-r7f7

vulnerability	VCID-3xtf-acbg-nqhe

vulnerability	VCID-6816-tprb-zqgt

vulnerability	VCID-7gsz-qxb2-mbe7

vulnerability	VCID-7wuf-dtva-x7ej

vulnerability	VCID-86jb-mnzj-e3cy

vulnerability	VCID-9t7v-tnzt-cqa6

vulnerability	VCID-b5ns-wtb6-fkha

vulnerability	VCID-c6dw-92d3-n7c5

vulnerability	VCID-df8e-jf8b-puec

vulnerability	VCID-djqs-7e92-wbb7

vulnerability	VCID-ear8-9pcm-zqfz

vulnerability	VCID-ej47-hdx8-pbhp

vulnerability	VCID-fjyu-jwpx-sfe5

vulnerability	VCID-fwaq-2kzp-2kgc

vulnerability	VCID-g1nc-3ca8-xkes

vulnerability	VCID-g5ek-ebw1-ebhf

vulnerability	VCID-gfnp-y7y2-f7fu

vulnerability	VCID-jj8h-wz8z-xfbq

vulnerability	VCID-jrdk-dzhe-z7ff

vulnerability	VCID-jwz8-kbu1-f3d7

vulnerability	VCID-khb1-phav-ukf8

vulnerability	VCID-mn3q-6cs1-ukcq

vulnerability	VCID-mntc-3nm2-xybw

vulnerability	VCID-nrht-tzzq-eqhs

vulnerability	VCID-qhz5-1muw-dqgn

vulnerability	VCID-ta3j-j5s5-hfba

vulnerability	VCID-thv1-66q2-uuc9

vulnerability	VCID-vxdt-q1t7-27hh

vulnerability	VCID-wmv1-2hjk-8ycf

vulnerability	VCID-wqeh-3r7d-7ffz

vulnerability	VCID-wqm7-m41f-pqfm

vulnerability	VCID-xhmp-nrhy-zfcn

vulnerability	VCID-xxht-cd83-7qb9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.6.2-5%252Bsqueeze10

url pkg:rpm/redhat/puppet@2.6.18-1?arch=el6ost

purl pkg:rpm/redhat/puppet@2.6.18-1?arch=el6ost

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7gsz-qxb2-mbe7

vulnerability	VCID-9t7v-tnzt-cqa6

vulnerability	VCID-c6dw-92d3-n7c5

vulnerability	VCID-ej47-hdx8-pbhp

vulnerability	VCID-fwaq-2kzp-2kgc

vulnerability	VCID-wmv1-2hjk-8ycf

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/puppet@2.6.18-1%3Farch=el6ost

References

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1640.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1640.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-1640

reference_id

reference_type

scores

value	0.02291
scoring_system	epss
scoring_elements	0.85011
published_at	2026-06-04T12:55:00Z

value	0.02291
scoring_system	epss
scoring_elements	0.85035
published_at	2026-06-05T12:55:00Z

value	0.02291
scoring_system	epss
scoring_elements	0.85039
published_at	2026-06-06T12:55:00Z

value	0.02291
scoring_system	epss
scoring_elements	0.85033
published_at	2026-06-07T12:55:00Z

value	0.02291
scoring_system	epss
scoring_elements	0.85024
published_at	2026-06-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-1640

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1640
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1640

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=919783
reference_id	919783
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=919783

reference_url	https://security.gentoo.org/glsa/201308-04
reference_id	GLSA-201308-04
reference_type
scores
url	https://security.gentoo.org/glsa/201308-04

reference_url	https://access.redhat.com/errata/RHSA-2013:0710
reference_id	RHSA-2013:0710
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:0710

reference_url	https://usn.ubuntu.com/1759-1/
reference_id	USN-1759-1
reference_type
scores
url	https://usn.ubuntu.com/1759-1/

Weaknesses

cwe_id	502
name	Deserialization of Untrusted Data
description	The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

Exploits

Severity_range_score null

Exploitability 0.5

Weighted_severity 0.0

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wmv1-2hjk-8ycf

Vulnerability Instance