{"url":"http://public2.vulnerablecode.io/api/packages/62941?format=json","purl":"pkg:gem/puppet@2.6","type":"gem","namespace":"","name":"puppet","version":"2.6","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39094?format=json","vulnerability_id":"VCID-ear8-9pcm-zqfz","summary":"Low severity vulnerability that affects puppet\ntelnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log (/tmp/out.log).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2012-05/msg00012.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2012-05/msg00012.html"},{"reference_url":"http://projects.puppetlabs.com/issues/13606","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://projects.puppetlabs.com/issues/13606"},{"reference_url":"http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.7.13","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.7.13"},{"reference_url":"http://puppetlabs.com/security/cve/cve-2012-1989","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://puppetlabs.com/security/cve/cve-2012-1989"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1989.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1989.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1989","reference_id":"","reference_type":"","scores":[{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18515","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18472","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.1855","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18552","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1989"},{"reference_url":"http://secunia.com/advisories/48743","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/48743"},{"reference_url":"http://secunia.com/advisories/48748","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/48748"},{"reference_url":"http://secunia.com/advisories/49136","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/49136"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/74797","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/74797"},{"reference_url":"https://github.com/puppetlabs/puppet","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1989.yml","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1989.yml"},{"reference_url":"https://hermes.opensuse.org/messages/15087408","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hermes.opensuse.org/messages/15087408"},{"reference_url":"https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975"},{"reference_url":"https://www.puppet.com/security/cve/cve-2012-1989-arbitrary-file-write-access","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.puppet.com/security/cve/cve-2012-1989-arbitrary-file-write-access"},{"reference_url":"http://ubuntu.com/usn/usn-1419-1","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://ubuntu.com/usn/usn-1419-1"},{"reference_url":"http://www.securityfocus.com/bid/52975","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/52975"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=837339","reference_id":"837339","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=837339"},{"reference_url":"http://puppetlabs.com/security/cve/cve-2012-1989/","reference_id":"CVE-2012-1989","reference_type":"","scores":[],"url":"http://puppetlabs.com/security/cve/cve-2012-1989/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1989","reference_id":"CVE-2012-1989","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1989"},{"reference_url":"https://github.com/advisories/GHSA-c5qq-g673-5p49","reference_id":"GHSA-c5qq-g673-5p49","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c5qq-g673-5p49"},{"reference_url":"https://security.gentoo.org/glsa/201208-02","reference_id":"GLSA-201208-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201208-02"},{"reference_url":"https://usn.ubuntu.com/1419-1/","reference_id":"USN-1419-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1419-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54568?format=json","purl":"pkg:gem/puppet@2.7.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-38dv-ps67-r7f7"},{"vulnerability":"VCID-7wuf-dtva-x7ej"},{"vulnerability":"VCID-8n86-g8a8-f7a9"},{"vulnerability":"VCID-982t-up4e-t7eg"},{"vulnerability":"VCID-ear8-9pcm-zqfz"},{"vulnerability":"VCID-fjyu-jwpx-sfe5"},{"vulnerability":"VCID-g5ek-ebw1-ebhf"},{"vulnerability":"VCID-gfnp-y7y2-f7fu"},{"vulnerability":"VCID-khb1-phav-ukf8"},{"vulnerability":"VCID-mn3q-6cs1-ukcq"},{"vulnerability":"VCID-msp5-ahmq-hbc3"},{"vulnerability":"VCID-nrht-tzzq-eqhs"},{"vulnerability":"VCID-qhz5-1muw-dqgn"},{"vulnerability":"VCID-ta3j-j5s5-hfba"},{"vulnerability":"VCID-thv1-66q2-uuc9"},{"vulnerability":"VCID-tstb-eb21-hkhp"},{"vulnerability":"VCID-vxdt-q1t7-27hh"},{"vulnerability":"VCID-wqm7-m41f-pqfm"},{"vulnerability":"VCID-xhmp-nrhy-zfcn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.13"}],"aliases":["CVE-2012-1989","GHSA-c5qq-g673-5p49"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ear8-9pcm-zqfz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44072?format=json","vulnerability_id":"VCID-g5ek-ebw1-ebhf","summary":"Puppet Privilege Escallation\nThe change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors related to (1) the change_user not dropping supplementary groups in certain conditions, (2) changes to the eguid without associated changes to the egid, or (3) the addition of the real gid to supplementary groups.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1053.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1053.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1053","reference_id":"","reference_type":"","scores":[{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13752","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13793","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13833","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.1383","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1053"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1053","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1053"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/73445","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/73445"},{"reference_url":"https://github.com/puppetlabs/puppet/commit/76d0749f0a9a496b70e7dc7e6d6d6ff692224e36","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet/commit/76d0749f0a9a496b70e7dc7e6d6d6ff692224e36"},{"reference_url":"https://hermes.opensuse.org/messages/15087408","reference_id":"","reference_type":"","scores":[],"url":"https://hermes.opensuse.org/messages/15087408"},{"reference_url":"https://lists.opensuse.org/opensuse-security-announce/2012-03/msg00003.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.opensuse.org/opensuse-security-announce/2012-03/msg00003.html"},{"reference_url":"https://ubuntu.com/usn/usn-1372-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://ubuntu.com/usn/usn-1372-1"},{"reference_url":"https://web.archive.org/web/20120504011717/http://puppetlabs.com/security/cve/cve-2012-1053","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120504011717/http://puppetlabs.com/security/cve/cve-2012-1053"},{"reference_url":"https://web.archive.org/web/20120513215447/http://projects.puppetlabs.com/issues/12458","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120513215447/http://projects.puppetlabs.com/issues/12458"},{"reference_url":"https://web.archive.org/web/20120513215653/http://projects.puppetlabs.com/issues/12457","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120513215653/http://projects.puppetlabs.com/issues/12457"},{"reference_url":"https://web.archive.org/web/20120513223437/http://projects.puppetlabs.com/issues/12459","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120513223437/http://projects.puppetlabs.com/issues/12459"},{"reference_url":"https://web.archive.org/web/20120527071855/http://www.securityfocus.com/bid/52158","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120527071855/http://www.securityfocus.com/bid/52158"},{"reference_url":"https://web.archive.org/web/20120816020421/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120816020421/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14"},{"reference_url":"https://www.debian.org/security/2012/dsa-2419","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2012/dsa-2419"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=791001","reference_id":"791001","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=791001"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1053","reference_id":"CVE-2012-1053","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1053"},{"reference_url":"https://web.archive.org/web/20120504011717/http://puppetlabs.com/security/cve/cve-2012-1053/","reference_id":"CVE-2012-1053","reference_type":"","scores":[],"url":"https://web.archive.org/web/20120504011717/http://puppetlabs.com/security/cve/cve-2012-1053/"},{"reference_url":"https://github.com/advisories/GHSA-77hg-g8cc-5r37","reference_id":"GHSA-77hg-g8cc-5r37","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-77hg-g8cc-5r37"},{"reference_url":"https://security.gentoo.org/glsa/201203-03","reference_id":"GLSA-201203-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201203-03"},{"reference_url":"https://usn.ubuntu.com/1372-1/","reference_id":"USN-1372-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1372-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63369?format=json","purl":"pkg:gem/puppet@2.6.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-38dv-ps67-r7f7"},{"vulnerability":"VCID-7wuf-dtva-x7ej"},{"vulnerability":"VCID-8n86-g8a8-f7a9"},{"vulnerability":"VCID-982t-up4e-t7eg"},{"vulnerability":"VCID-ear8-9pcm-zqfz"},{"vulnerability":"VCID-fjyu-jwpx-sfe5"},{"vulnerability":"VCID-g5ek-ebw1-ebhf"},{"vulnerability":"VCID-gfnp-y7y2-f7fu"},{"vulnerability":"VCID-khb1-phav-ukf8"},{"vulnerability":"VCID-mn3q-6cs1-ukcq"},{"vulnerability":"VCID-msp5-ahmq-hbc3"},{"vulnerability":"VCID-nrht-tzzq-eqhs"},{"vulnerability":"VCID-qhz5-1muw-dqgn"},{"vulnerability":"VCID-ta3j-j5s5-hfba"},{"vulnerability":"VCID-thv1-66q2-uuc9"},{"vulnerability":"VCID-tstb-eb21-hkhp"},{"vulnerability":"VCID-vxdt-q1t7-27hh"},{"vulnerability":"VCID-wqm7-m41f-pqfm"},{"vulnerability":"VCID-xhmp-nrhy-zfcn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.6.14"},{"url":"http://public2.vulnerablecode.io/api/packages/63370?format=json","purl":"pkg:gem/puppet@2.7.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-38dv-ps67-r7f7"},{"vulnerability":"VCID-7wuf-dtva-x7ej"},{"vulnerability":"VCID-8n86-g8a8-f7a9"},{"vulnerability":"VCID-982t-up4e-t7eg"},{"vulnerability":"VCID-ear8-9pcm-zqfz"},{"vulnerability":"VCID-fjyu-jwpx-sfe5"},{"vulnerability":"VCID-g5ek-ebw1-ebhf"},{"vulnerability":"VCID-gfnp-y7y2-f7fu"},{"vulnerability":"VCID-khb1-phav-ukf8"},{"vulnerability":"VCID-mn3q-6cs1-ukcq"},{"vulnerability":"VCID-msp5-ahmq-hbc3"},{"vulnerability":"VCID-nrht-tzzq-eqhs"},{"vulnerability":"VCID-qhz5-1muw-dqgn"},{"vulnerability":"VCID-ta3j-j5s5-hfba"},{"vulnerability":"VCID-thv1-66q2-uuc9"},{"vulnerability":"VCID-tstb-eb21-hkhp"},{"vulnerability":"VCID-vxdt-q1t7-27hh"},{"vulnerability":"VCID-wqm7-m41f-pqfm"},{"vulnerability":"VCID-xhmp-nrhy-zfcn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.11"}],"aliases":["CVE-2012-1053","GHSA-77hg-g8cc-5r37"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g5ek-ebw1-ebhf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43815?format=json","vulnerability_id":"VCID-gfnp-y7y2-f7fu","summary":"Puppet uses predictable filenames, allowing arbitrary file overwrite\nPuppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 uses predictable file names when installing Mac OS X packages from a remote source, which allows local users to overwrite arbitrary files or install arbitrary packages via a symlink attack on a temporary file in /tmp.","references":[{"reference_url":"http://projects.puppetlabs.com/issues/13260","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://projects.puppetlabs.com/issues/13260"},{"reference_url":"http://puppetlabs.com/security/cve/cve-2012-1906","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://puppetlabs.com/security/cve/cve-2012-1906"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1906.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1906.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1906","reference_id":"","reference_type":"","scores":[{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19977","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19946","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.20022","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.20016","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1906"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1906","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1906"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/74793","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/74793"},{"reference_url":"https://github.com/puppetlabs/puppet/commit/f7829ec1f1b2c3def8e0eda09c22c3c1fed3a27f","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet/commit/f7829ec1f1b2c3def8e0eda09c22c3c1fed3a27f"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1906.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1906.yml"},{"reference_url":"https://ubuntu.com/usn/usn-1419-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://ubuntu.com/usn/usn-1419-1"},{"reference_url":"https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975"},{"reference_url":"https://www.debian.org/security/2012/dsa-2451","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2012/dsa-2451"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2236311","reference_id":"2236311","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2236311"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1906","reference_id":"CVE-2012-1906","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1906"},{"reference_url":"https://github.com/advisories/GHSA-c4mc-49hq-q275","reference_id":"GHSA-c4mc-49hq-q275","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-c4mc-49hq-q275"},{"reference_url":"https://security.gentoo.org/glsa/201208-02","reference_id":"GLSA-201208-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201208-02"},{"reference_url":"https://usn.ubuntu.com/1419-1/","reference_id":"USN-1419-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1419-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62943?format=json","purl":"pkg:gem/puppet@2.6.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-38dv-ps67-r7f7"},{"vulnerability":"VCID-7wuf-dtva-x7ej"},{"vulnerability":"VCID-8n86-g8a8-f7a9"},{"vulnerability":"VCID-982t-up4e-t7eg"},{"vulnerability":"VCID-ear8-9pcm-zqfz"},{"vulnerability":"VCID-fjyu-jwpx-sfe5"},{"vulnerability":"VCID-g5ek-ebw1-ebhf"},{"vulnerability":"VCID-gfnp-y7y2-f7fu"},{"vulnerability":"VCID-khb1-phav-ukf8"},{"vulnerability":"VCID-mn3q-6cs1-ukcq"},{"vulnerability":"VCID-msp5-ahmq-hbc3"},{"vulnerability":"VCID-nrht-tzzq-eqhs"},{"vulnerability":"VCID-qhz5-1muw-dqgn"},{"vulnerability":"VCID-ta3j-j5s5-hfba"},{"vulnerability":"VCID-thv1-66q2-uuc9"},{"vulnerability":"VCID-tstb-eb21-hkhp"},{"vulnerability":"VCID-vxdt-q1t7-27hh"},{"vulnerability":"VCID-wqm7-m41f-pqfm"},{"vulnerability":"VCID-xhmp-nrhy-zfcn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.6.15"},{"url":"http://public2.vulnerablecode.io/api/packages/54568?format=json","purl":"pkg:gem/puppet@2.7.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-38dv-ps67-r7f7"},{"vulnerability":"VCID-7wuf-dtva-x7ej"},{"vulnerability":"VCID-8n86-g8a8-f7a9"},{"vulnerability":"VCID-982t-up4e-t7eg"},{"vulnerability":"VCID-ear8-9pcm-zqfz"},{"vulnerability":"VCID-fjyu-jwpx-sfe5"},{"vulnerability":"VCID-g5ek-ebw1-ebhf"},{"vulnerability":"VCID-gfnp-y7y2-f7fu"},{"vulnerability":"VCID-khb1-phav-ukf8"},{"vulnerability":"VCID-mn3q-6cs1-ukcq"},{"vulnerability":"VCID-msp5-ahmq-hbc3"},{"vulnerability":"VCID-nrht-tzzq-eqhs"},{"vulnerability":"VCID-qhz5-1muw-dqgn"},{"vulnerability":"VCID-ta3j-j5s5-hfba"},{"vulnerability":"VCID-thv1-66q2-uuc9"},{"vulnerability":"VCID-tstb-eb21-hkhp"},{"vulnerability":"VCID-vxdt-q1t7-27hh"},{"vulnerability":"VCID-wqm7-m41f-pqfm"},{"vulnerability":"VCID-xhmp-nrhy-zfcn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.13"}],"aliases":["CVE-2012-1906","GHSA-c4mc-49hq-q275"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gfnp-y7y2-f7fu"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.6"}