Package details: pkg:gem/hiera@1.3.4
purl pkg:gem/hiera@1.3.4
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability: VCID-7ypq-wmb7-quhc
Summary: Moderate severity vulnerability that affects facter, hiera, mcollective-client, and puppet. Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine.
Aliases: CVE-2014-3248, GHSA-92v7-pq4h-58j5

Vulnerability: VCID-e8jr-zut7-17b6
Summary: This package is vulnerable to Arbitrary Code Execution. The current directory '.' is on the load path for Ruby. If users create Ruby source files with names that correspond to those that hiera tries to load, this may result in these files being loaded and executed.
Aliases: GMS-2014-5

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T20:39:51.338117+00:00 GitLab Importer Fixing VCID-7ypq-wmb7-quhc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/hiera/CVE-2014-3248.yml 38.4.0
2026-04-16T17:37:33.771983+00:00 Ruby Importer Fixing VCID-7ypq-wmb7-quhc https://github.com/rubysec/ruby-advisory-db/blob/master/gems/hiera/CVE-2014-3248.yml 38.4.0
2026-04-11T21:50:37.335164+00:00 GitLab Importer Fixing VCID-7ypq-wmb7-quhc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/hiera/CVE-2014-3248.yml 38.3.0
2026-04-11T21:34:27.736434+00:00 Ruby Importer Fixing VCID-7ypq-wmb7-quhc https://github.com/rubysec/ruby-advisory-db/blob/master/gems/hiera/CVE-2014-3248.yml 38.3.0
2026-04-02T22:04:26.603341+00:00 GitLab Importer Fixing VCID-7ypq-wmb7-quhc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/hiera/CVE-2014-3248.yml 38.1.0
2026-04-02T19:32:46.217159+00:00 Ruby Importer Fixing VCID-7ypq-wmb7-quhc https://github.com/rubysec/ruby-advisory-db/blob/master/gems/hiera/CVE-2014-3248.yml 38.1.0
2026-04-01T15:56:15.368513+00:00 GHSA Importer Fixing VCID-7ypq-wmb7-quhc https://github.com/advisories/GHSA-92v7-pq4h-58j5 38.0.0
2026-04-01T15:49:43.738647+00:00 Ruby Importer Fixing VCID-7ypq-wmb7-quhc https://github.com/rubysec/ruby-advisory-db/blob/master/gems/hiera/CVE-2014-3248.yml 38.0.0
2026-04-01T12:54:18.678900+00:00 GithubOSV Importer Fixing VCID-7ypq-wmb7-quhc https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-92v7-pq4h-58j5/GHSA-92v7-pq4h-58j5.json 38.0.0
2026-04-01T12:47:27.445021+00:00 GitLab Importer Fixing VCID-7ypq-wmb7-quhc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/hiera/CVE-2014-3248.yml 38.0.0
2026-04-01T12:46:52.768731+00:00 GitLab Importer Fixing VCID-e8jr-zut7-17b6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/hiera/GMS-2014-5.yml 38.0.0