Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:gem/facter@2.4.6
purl pkg:gem/facter@2.4.6
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 3.1
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-7ypq-wmb7-quhc
Aliases:
CVE-2014-3248
GHSA-92v7-pq4h-58j5
Moderate severity vulnerability that affects facter, hiera, mcollective-client, and puppet Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T17:37:13.925996+00:00 Ruby Importer Affected by VCID-7ypq-wmb7-quhc https://github.com/rubysec/ruby-advisory-db/blob/master/gems/facter/CVE-2014-3248.yml 38.4.0
2026-04-11T21:34:05.981997+00:00 Ruby Importer Affected by VCID-7ypq-wmb7-quhc https://github.com/rubysec/ruby-advisory-db/blob/master/gems/facter/CVE-2014-3248.yml 38.3.0
2026-04-02T19:32:27.765010+00:00 Ruby Importer Affected by VCID-7ypq-wmb7-quhc https://github.com/rubysec/ruby-advisory-db/blob/master/gems/facter/CVE-2014-3248.yml 38.1.0
2026-04-01T15:49:22.997695+00:00 Ruby Importer Affected by VCID-7ypq-wmb7-quhc https://github.com/rubysec/ruby-advisory-db/blob/master/gems/facter/CVE-2014-3248.yml 38.0.0