Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:gem/hiera@1.3.2.rc1
purl pkg:gem/hiera@1.3.2.rc1
Next non-vulnerable version 1.3.4
Latest non-vulnerable version 1.3.4
Risk 3.1
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-7ypq-wmb7-quhc
Aliases:
CVE-2014-3248
GHSA-92v7-pq4h-58j5
Moderate severity vulnerability that affects facter, hiera, mcollective-client, and puppet Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine.
1.3.4
Affected by 0 other vulnerabilities.
VCID-e8jr-zut7-17b6
Aliases:
GMS-2014-5
This package is vulnerable to Arbitrary Code Execution. The current directory '.' is on the load path for Ruby. If users create ruby source files with names that correspond to those that hiera trys to load, it may result in loading and the execution of these files.
1.3.4
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T20:39:51.325672+00:00 GitLab Importer Affected by VCID-7ypq-wmb7-quhc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/hiera/CVE-2014-3248.yml 38.4.0
2026-04-16T20:31:30.092052+00:00 GitLab Importer Affected by VCID-e8jr-zut7-17b6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/hiera/GMS-2014-5.yml 38.4.0
2026-04-16T17:37:33.759189+00:00 Ruby Importer Affected by VCID-7ypq-wmb7-quhc https://github.com/rubysec/ruby-advisory-db/blob/master/gems/hiera/CVE-2014-3248.yml 38.4.0
2026-04-11T21:50:37.320835+00:00 GitLab Importer Affected by VCID-7ypq-wmb7-quhc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/hiera/CVE-2014-3248.yml 38.3.0
2026-04-11T21:41:51.884412+00:00 GitLab Importer Affected by VCID-e8jr-zut7-17b6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/hiera/GMS-2014-5.yml 38.3.0
2026-04-11T21:34:27.722848+00:00 Ruby Importer Affected by VCID-7ypq-wmb7-quhc https://github.com/rubysec/ruby-advisory-db/blob/master/gems/hiera/CVE-2014-3248.yml 38.3.0
2026-04-02T22:04:26.589939+00:00 GitLab Importer Affected by VCID-7ypq-wmb7-quhc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/hiera/CVE-2014-3248.yml 38.1.0
2026-04-02T21:56:03.457816+00:00 GitLab Importer Affected by VCID-e8jr-zut7-17b6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/hiera/GMS-2014-5.yml 38.1.0
2026-04-02T19:32:46.204409+00:00 Ruby Importer Affected by VCID-7ypq-wmb7-quhc https://github.com/rubysec/ruby-advisory-db/blob/master/gems/hiera/CVE-2014-3248.yml 38.1.0
2026-04-01T16:21:23.555328+00:00 GitLab Importer Affected by VCID-7ypq-wmb7-quhc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/hiera/CVE-2014-3248.yml 38.0.0
2026-04-01T16:13:14.103400+00:00 GitLab Importer Affected by VCID-e8jr-zut7-17b6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/hiera/GMS-2014-5.yml 38.0.0
2026-04-01T15:49:43.721328+00:00 Ruby Importer Affected by VCID-7ypq-wmb7-quhc https://github.com/rubysec/ruby-advisory-db/blob/master/gems/hiera/CVE-2014-3248.yml 38.0.0