VulnerableCode Package Details - pkg:rpm/redhat/ruby193-puppet@3.1.1-11.1?arch=el6ost

Search for packages

Vulnerability	Summary	Fixed by
VCID-3kma-3ffw-8qd9 Aliases: CVE-2013-3567 GHSA-f7p5-w2cr-7cp7	Improper Input Validation Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.	There are no reported fixed by versions.
VCID-5g6u-uvej-xbad Aliases: CVE-2013-4761 GHSA-cj43-9h3w-v976	Moderate severity vulnerability that affects puppet Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service. NOTE: this vulnerability can only be exploited utilizing unspecified "local file system access" to the Puppet Master.	There are no reported fixed by versions.
VCID-73uh-2gkm-6kgy Aliases: CVE-2013-4956	Multiple vulnerabilities have been found in Puppet, the worst of which could lead to execution of arbitrary code.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-3kma-3ffw-8qd9
Aliases:
CVE-2013-3567
GHSA-f7p5-w2cr-7cp7

Improper Input Validation Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.

There are no reported fixed by versions.

VCID-5g6u-uvej-xbad
Aliases:
CVE-2013-4761
GHSA-cj43-9h3w-v976

Moderate severity vulnerability that affects puppet Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service. NOTE: this vulnerability can only be exploited utilizing unspecified "local file system access" to the Puppet Master.

There are no reported fixed by versions.

VCID-73uh-2gkm-6kgy
Aliases:
CVE-2013-4956

Multiple vulnerabilities have been found in Puppet, the worst of which could lead to execution of arbitrary code.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:50:35.260704+00:00	RedHat Importer	Affected by	VCID-3kma-3ffw-8qd9	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-3567.json	38.0.0
2026-04-01T14:50:19.539531+00:00	RedHat Importer	Affected by	VCID-5g6u-uvej-xbad	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4761.json	38.0.0
2026-04-01T14:50:19.448357+00:00	RedHat Importer	Affected by	VCID-73uh-2gkm-6kgy	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4956.json	38.0.0