{"url":"http://public2.vulnerablecode.io/api/packages/124356?format=json","purl":"pkg:deb/debian/puppet-module-puppetlabs-mysql@8.1.0-5?distro=trixie","type":"deb","namespace":"debian","name":"puppet-module-puppetlabs-mysql","version":"8.1.0-5","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"15.0.0-1","latest_non_vulnerable_version":"15.0.0-3","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98814?format=json","vulnerability_id":"VCID-1km4-5maq-yqg5","summary":"Command injection is possible in the puppetlabs-mysql module prior to version 13.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3276.json","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3276.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3276","reference_id":"","reference_type":"","scores":[{"value":"0.00723","scoring_system":"epss","scoring_elements":"0.72917","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00723","scoring_system":"epss","scoring_elements":"0.72954","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00723","scoring_system":"epss","scoring_elements":"0.72961","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00723","scoring_system":"epss","scoring_elements":"0.72944","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00723","scoring_system":"epss","scoring_elements":"0.72931","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00723","scoring_system":"epss","scoring_elements":"0.72956","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3276"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3276","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3276"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027154","reference_id":"1027154","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027154"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2132541","reference_id":"2132541","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2132541"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7238","reference_id":"RHSA-2022:7238","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7238"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/124359?format=json","purl":"pkg:deb/debian/puppet-module-puppetlabs-mysql@15.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet-module-puppetlabs-mysql@15.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/124357?format=json","purl":"pkg:deb/debian/puppet-module-puppetlabs-mysql@15.0.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet-module-puppetlabs-mysql@15.0.0-3%3Fdistro=trixie"}],"aliases":["CVE-2022-3276"],"risk_score":3.8,"exploitability":"0.5","weighted_severity":"7.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1km4-5maq-yqg5"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98809?format=json","vulnerability_id":"VCID-ajd6-e6sk-6ubd","summary":"Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the facter_task or puppet_conf tasks. This vulnerability only affects tasks in the affected modules, if you are not using puppet tasks you are not affected by this vulnerability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6508.json","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6508.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-6508","reference_id":"","reference_type":"","scores":[{"value":"0.00905","scoring_system":"epss","scoring_elements":"0.76118","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00905","scoring_system":"epss","scoring_elements":"0.76143","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00905","scoring_system":"epss","scoring_elements":"0.76144","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00905","scoring_system":"epss","scoring_elements":"0.76136","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00905","scoring_system":"epss","scoring_elements":"0.76124","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00905","scoring_system":"epss","scoring_elements":"0.76148","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-6508"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6508","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6508"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1542831","reference_id":"1542831","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1542831"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/124358?format=json","purl":"pkg:deb/debian/puppet-module-puppetlabs-mysql@5.3.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet-module-puppetlabs-mysql@5.3.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/124356?format=json","purl":"pkg:deb/debian/puppet-module-puppetlabs-mysql@8.1.0-5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1km4-5maq-yqg5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet-module-puppetlabs-mysql@8.1.0-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/124354?format=json","purl":"pkg:deb/debian/puppet-module-puppetlabs-mysql@8.1.0-7?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1km4-5maq-yqg5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet-module-puppetlabs-mysql@8.1.0-7%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/124357?format=json","purl":"pkg:deb/debian/puppet-module-puppetlabs-mysql@15.0.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet-module-puppetlabs-mysql@15.0.0-3%3Fdistro=trixie"}],"aliases":["CVE-2018-6508"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ajd6-e6sk-6ubd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98813?format=json","vulnerability_id":"VCID-f2uk-hkzc-ubg8","summary":"puppetlabs-mysql 3.1.0 through 3.6.0 allow remote attackers to bypass authentication by leveraging creation of a database account without a password when a 'mysql_user' user parameter contains a host with a netmask.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7224","reference_id":"","reference_type":"","scores":[{"value":"0.00546","scoring_system":"epss","scoring_elements":"0.68179","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00546","scoring_system":"epss","scoring_elements":"0.68218","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00546","scoring_system":"epss","scoring_elements":"0.68226","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00546","scoring_system":"epss","scoring_elements":"0.68203","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00546","scoring_system":"epss","scoring_elements":"0.6822","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7224"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7224","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7224"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/124355?format=json","purl":"pkg:deb/debian/puppet-module-puppetlabs-mysql@3.6.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet-module-puppetlabs-mysql@3.6.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/124356?format=json","purl":"pkg:deb/debian/puppet-module-puppetlabs-mysql@8.1.0-5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1km4-5maq-yqg5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet-module-puppetlabs-mysql@8.1.0-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/124354?format=json","purl":"pkg:deb/debian/puppet-module-puppetlabs-mysql@8.1.0-7?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1km4-5maq-yqg5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet-module-puppetlabs-mysql@8.1.0-7%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/124357?format=json","purl":"pkg:deb/debian/puppet-module-puppetlabs-mysql@15.0.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet-module-puppetlabs-mysql@15.0.0-3%3Fdistro=trixie"}],"aliases":["CVE-2015-7224"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f2uk-hkzc-ubg8"}],"risk_score":"3.8","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet-module-puppetlabs-mysql@8.1.0-5%3Fdistro=trixie"}