{"url":"http://public2.vulnerablecode.io/api/packages/54417?format=json","purl":"pkg:gem/puppet@2.6","type":"gem","namespace":"","name":"puppet","version":"2.6","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15833?format=json","vulnerability_id":"VCID-2jc8-n1j4-m7c6","summary":"Puppet Privilege Escallation\nThe change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors related to (1) the change_user not dropping supplementary groups in certain conditions, (2) changes to the eguid without associated changes to the egid, or (3) the addition of the real gid to supplementary groups.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1053.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1053.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1053","reference_id":"","reference_type":"","scores":[{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13132","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13348","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.1343","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13479","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13453","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13418","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13372","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13279","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13277","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13357","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13362","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13335","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13231","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13389","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13489","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13551","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1053"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1053","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1053"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/73445","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/73445"},{"reference_url":"https://github.com/puppetlabs/puppet/commit/76d0749f0a9a496b70e7dc7e6d6d6ff692224e36","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet/commit/76d0749f0a9a496b70e7dc7e6d6d6ff692224e36"},{"reference_url":"https://hermes.opensuse.org/messages/15087408","reference_id":"","reference_type":"","scores":[],"url":"https://hermes.opensuse.org/messages/15087408"},{"reference_url":"https://lists.opensuse.org/opensuse-security-announce/2012-03/msg00003.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.opensuse.org/opensuse-security-announce/2012-03/msg00003.html"},{"reference_url":"https://ubuntu.com/usn/usn-1372-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://ubuntu.com/usn/usn-1372-1"},{"reference_url":"https://web.archive.org/web/20120504011717/http://puppetlabs.com/security/cve/cve-2012-1053","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120504011717/http://puppetlabs.com/security/cve/cve-2012-1053"},{"reference_url":"https://web.archive.org/web/20120513215447/http://projects.puppetlabs.com/issues/12458","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120513215447/http://projects.puppetlabs.com/issues/12458"},{"reference_url":"https://web.archive.org/web/20120513215653/http://projects.puppetlabs.com/issues/12457","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120513215653/http://projects.puppetlabs.com/issues/12457"},{"reference_url":"https://web.archive.org/web/20120513223437/http://projects.puppetlabs.com/issues/12459","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120513223437/http://projects.puppetlabs.com/issues/12459"},{"reference_url":"https://web.archive.org/web/20120527071855/http://www.securityfocus.com/bid/52158","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120527071855/http://www.securityfocus.com/bid/52158"},{"reference_url":"https://web.archive.org/web/20120816020421/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120816020421/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14"},{"reference_url":"https://www.debian.org/security/2012/dsa-2419","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2012/dsa-2419"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=791001","reference_id":"791001","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=791001"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1053","reference_id":"CVE-2012-1053","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1053"},{"reference_url":"https://web.archive.org/web/20120504011717/http://puppetlabs.com/security/cve/cve-2012-1053/","reference_id":"CVE-2012-1053","reference_type":"","scores":[],"url":"https://web.archive.org/web/20120504011717/http://puppetlabs.com/security/cve/cve-2012-1053/"},{"reference_url":"https://github.com/advisories/GHSA-77hg-g8cc-5r37","reference_id":"GHSA-77hg-g8cc-5r37","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-77hg-g8cc-5r37"},{"reference_url":"https://security.gentoo.org/glsa/201203-03","reference_id":"GLSA-201203-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201203-03"},{"reference_url":"https://usn.ubuntu.com/1372-1/","reference_id":"USN-1372-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1372-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55092?format=json","purl":"pkg:gem/puppet@2.6.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2jc8-n1j4-m7c6"},{"vulnerability":"VCID-3kma-3ffw-8qd9"},{"vulnerability":"VCID-5g6u-uvej-xbad"},{"vulnerability":"VCID-5qhd-8wfe-27dy"},{"vulnerability":"VCID-75gs-2gu3-6udx"},{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-8xgm-pabz-hkeg"},{"vulnerability":"VCID-b94j-dcjk-eqeu"},{"vulnerability":"VCID-h88b-abes-3bgr"},{"vulnerability":"VCID-jhkk-5euf-uked"},{"vulnerability":"VCID-kt2h-k72f-tqc7"},{"vulnerability":"VCID-pdpa-qfpq-zkcq"},{"vulnerability":"VCID-pgg8-9sk2-57ee"},{"vulnerability":"VCID-qdsk-m9ye-z3a4"},{"vulnerability":"VCID-s94z-5sd6-33dk"},{"vulnerability":"VCID-tetf-xa1u-uffv"},{"vulnerability":"VCID-vgbw-4yuu-57fz"},{"vulnerability":"VCID-wage-71h9-6qay"},{"vulnerability":"VCID-ww8x-tzxr-4qbn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.6.14"},{"url":"http://public2.vulnerablecode.io/api/packages/55093?format=json","purl":"pkg:gem/puppet@2.7.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2jc8-n1j4-m7c6"},{"vulnerability":"VCID-3kma-3ffw-8qd9"},{"vulnerability":"VCID-5g6u-uvej-xbad"},{"vulnerability":"VCID-5qhd-8wfe-27dy"},{"vulnerability":"VCID-75gs-2gu3-6udx"},{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-8xgm-pabz-hkeg"},{"vulnerability":"VCID-b94j-dcjk-eqeu"},{"vulnerability":"VCID-h88b-abes-3bgr"},{"vulnerability":"VCID-jhkk-5euf-uked"},{"vulnerability":"VCID-kt2h-k72f-tqc7"},{"vulnerability":"VCID-pdpa-qfpq-zkcq"},{"vulnerability":"VCID-pgg8-9sk2-57ee"},{"vulnerability":"VCID-qdsk-m9ye-z3a4"},{"vulnerability":"VCID-s94z-5sd6-33dk"},{"vulnerability":"VCID-tetf-xa1u-uffv"},{"vulnerability":"VCID-vgbw-4yuu-57fz"},{"vulnerability":"VCID-wage-71h9-6qay"},{"vulnerability":"VCID-ww8x-tzxr-4qbn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.11"}],"aliases":["CVE-2012-1053","GHSA-77hg-g8cc-5r37"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2jc8-n1j4-m7c6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8447?format=json","vulnerability_id":"VCID-pgg8-9sk2-57ee","summary":"Low severity vulnerability that affects puppet\ntelnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log (/tmp/out.log).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2012-05/msg00012.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2012-05/msg00012.html"},{"reference_url":"http://projects.puppetlabs.com/issues/13606","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://projects.puppetlabs.com/issues/13606"},{"reference_url":"http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.7.13","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.7.13"},{"reference_url":"http://puppetlabs.com/security/cve/cve-2012-1989","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://puppetlabs.com/security/cve/cve-2012-1989"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1989.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1989.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1989","reference_id":"","reference_type":"","scores":[{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17935","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18335","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18287","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18236","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18181","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18193","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18221","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18131","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18114","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18076","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18282","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18433","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18487","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18196","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.1828","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18333","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1989"},{"reference_url":"http://secunia.com/advisories/48743","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/48743"},{"reference_url":"http://secunia.com/advisories/48748","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/48748"},{"reference_url":"http://secunia.com/advisories/49136","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/49136"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/74797","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/74797"},{"reference_url":"https://github.com/puppetlabs/puppet","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1989.yml","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1989.yml"},{"reference_url":"https://hermes.opensuse.org/messages/15087408","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hermes.opensuse.org/messages/15087408"},{"reference_url":"https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975"},{"reference_url":"https://www.puppet.com/security/cve/cve-2012-1989-arbitrary-file-write-access","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.puppet.com/security/cve/cve-2012-1989-arbitrary-file-write-access"},{"reference_url":"http://ubuntu.com/usn/usn-1419-1","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://ubuntu.com/usn/usn-1419-1"},{"reference_url":"http://www.securityfocus.com/bid/52975","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/52975"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=837339","reference_id":"837339","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=837339"},{"reference_url":"http://puppetlabs.com/security/cve/cve-2012-1989/","reference_id":"CVE-2012-1989","reference_type":"","scores":[],"url":"http://puppetlabs.com/security/cve/cve-2012-1989/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1989","reference_id":"CVE-2012-1989","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1989"},{"reference_url":"https://github.com/advisories/GHSA-c5qq-g673-5p49","reference_id":"GHSA-c5qq-g673-5p49","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c5qq-g673-5p49"},{"reference_url":"https://security.gentoo.org/glsa/201208-02","reference_id":"GLSA-201208-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201208-02"},{"reference_url":"https://usn.ubuntu.com/1419-1/","reference_id":"USN-1419-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1419-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25176?format=json","purl":"pkg:gem/puppet@2.7.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2jc8-n1j4-m7c6"},{"vulnerability":"VCID-3kma-3ffw-8qd9"},{"vulnerability":"VCID-5g6u-uvej-xbad"},{"vulnerability":"VCID-5qhd-8wfe-27dy"},{"vulnerability":"VCID-75gs-2gu3-6udx"},{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-8xgm-pabz-hkeg"},{"vulnerability":"VCID-b94j-dcjk-eqeu"},{"vulnerability":"VCID-h88b-abes-3bgr"},{"vulnerability":"VCID-jhkk-5euf-uked"},{"vulnerability":"VCID-kt2h-k72f-tqc7"},{"vulnerability":"VCID-pdpa-qfpq-zkcq"},{"vulnerability":"VCID-pgg8-9sk2-57ee"},{"vulnerability":"VCID-qdsk-m9ye-z3a4"},{"vulnerability":"VCID-s94z-5sd6-33dk"},{"vulnerability":"VCID-tetf-xa1u-uffv"},{"vulnerability":"VCID-vgbw-4yuu-57fz"},{"vulnerability":"VCID-wage-71h9-6qay"},{"vulnerability":"VCID-ww8x-tzxr-4qbn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.13"}],"aliases":["CVE-2012-1989","GHSA-c5qq-g673-5p49"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pgg8-9sk2-57ee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15405?format=json","vulnerability_id":"VCID-tetf-xa1u-uffv","summary":"Puppet uses predictable filenames, allowing arbitrary file overwrite\nPuppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 uses predictable file names when installing Mac OS X packages from a remote source, which allows local users to overwrite arbitrary files or install arbitrary packages via a symlink attack on a temporary file in /tmp.","references":[{"reference_url":"http://projects.puppetlabs.com/issues/13260","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://projects.puppetlabs.com/issues/13260"},{"reference_url":"http://puppetlabs.com/security/cve/cve-2012-1906","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://puppetlabs.com/security/cve/cve-2012-1906"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1906.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1906.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1906","reference_id":"","reference_type":"","scores":[{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19463","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19802","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19745","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.1972","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19722","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19734","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19628","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19615","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.1958","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19785","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19931","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19986","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19712","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19792","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19844","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19847","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1906"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1906","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1906"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/74793","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/74793"},{"reference_url":"https://github.com/puppetlabs/puppet/commit/f7829ec1f1b2c3def8e0eda09c22c3c1fed3a27f","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet/commit/f7829ec1f1b2c3def8e0eda09c22c3c1fed3a27f"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1906.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1906.yml"},{"reference_url":"https://ubuntu.com/usn/usn-1419-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://ubuntu.com/usn/usn-1419-1"},{"reference_url":"https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975"},{"reference_url":"https://www.debian.org/security/2012/dsa-2451","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2012/dsa-2451"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2236311","reference_id":"2236311","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2236311"},{"reference_url":"http://puppetlabs.com/security/cve/cve-2012-1906/","reference_id":"CVE-2012-1906","reference_type":"","scores":[],"url":"http://puppetlabs.com/security/cve/cve-2012-1906/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1906","reference_id":"CVE-2012-1906","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1906"},{"reference_url":"https://github.com/advisories/GHSA-c4mc-49hq-q275","reference_id":"GHSA-c4mc-49hq-q275","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c4mc-49hq-q275"},{"reference_url":"https://security.gentoo.org/glsa/201208-02","reference_id":"GLSA-201208-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201208-02"},{"reference_url":"https://usn.ubuntu.com/1419-1/","reference_id":"USN-1419-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1419-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54419?format=json","purl":"pkg:gem/puppet@2.6.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2jc8-n1j4-m7c6"},{"vulnerability":"VCID-3kma-3ffw-8qd9"},{"vulnerability":"VCID-5g6u-uvej-xbad"},{"vulnerability":"VCID-5qhd-8wfe-27dy"},{"vulnerability":"VCID-75gs-2gu3-6udx"},{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-8xgm-pabz-hkeg"},{"vulnerability":"VCID-b94j-dcjk-eqeu"},{"vulnerability":"VCID-h88b-abes-3bgr"},{"vulnerability":"VCID-jhkk-5euf-uked"},{"vulnerability":"VCID-kt2h-k72f-tqc7"},{"vulnerability":"VCID-pdpa-qfpq-zkcq"},{"vulnerability":"VCID-pgg8-9sk2-57ee"},{"vulnerability":"VCID-qdsk-m9ye-z3a4"},{"vulnerability":"VCID-s94z-5sd6-33dk"},{"vulnerability":"VCID-tetf-xa1u-uffv"},{"vulnerability":"VCID-vgbw-4yuu-57fz"},{"vulnerability":"VCID-wage-71h9-6qay"},{"vulnerability":"VCID-ww8x-tzxr-4qbn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.6.15"},{"url":"http://public2.vulnerablecode.io/api/packages/25176?format=json","purl":"pkg:gem/puppet@2.7.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2jc8-n1j4-m7c6"},{"vulnerability":"VCID-3kma-3ffw-8qd9"},{"vulnerability":"VCID-5g6u-uvej-xbad"},{"vulnerability":"VCID-5qhd-8wfe-27dy"},{"vulnerability":"VCID-75gs-2gu3-6udx"},{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-8xgm-pabz-hkeg"},{"vulnerability":"VCID-b94j-dcjk-eqeu"},{"vulnerability":"VCID-h88b-abes-3bgr"},{"vulnerability":"VCID-jhkk-5euf-uked"},{"vulnerability":"VCID-kt2h-k72f-tqc7"},{"vulnerability":"VCID-pdpa-qfpq-zkcq"},{"vulnerability":"VCID-pgg8-9sk2-57ee"},{"vulnerability":"VCID-qdsk-m9ye-z3a4"},{"vulnerability":"VCID-s94z-5sd6-33dk"},{"vulnerability":"VCID-tetf-xa1u-uffv"},{"vulnerability":"VCID-vgbw-4yuu-57fz"},{"vulnerability":"VCID-wage-71h9-6qay"},{"vulnerability":"VCID-ww8x-tzxr-4qbn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.13"}],"aliases":["CVE-2012-1906","GHSA-c4mc-49hq-q275"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tetf-xa1u-uffv"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.6"}