{"url":"http://public2.vulnerablecode.io/api/packages/76448?format=json","purl":"pkg:ebuild/app-admin/puppet@2.7.23","type":"ebuild","namespace":"app-admin","name":"puppet","version":"2.7.23","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8452?format=json","vulnerability_id":"VCID-3kma-3ffw-8qd9","summary":"Improper Input Validation\nPuppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00002.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00019.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00019.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1283.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1283.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1284.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1284.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-3567.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-3567.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-3567","reference_id":"","reference_type":"","scores":[{"value":"0.05772","scoring_system":"epss","scoring_elements":"0.90562","published_at":"2026-05-14T12:55:00Z"},{"value":"0.05772","scoring_system":"epss","scoring_elements":"0.90549","published_at":"2026-05-12T12:55:00Z"},{"value":"0.06459","scoring_system":"epss","scoring_elements":"0.91037","published_at":"2026-04-04T12:55:00Z"},{"value":"0.06459","scoring_system":"epss","scoring_elements":"0.91098","published_at":"2026-04-16T12:55:00Z"},{"value":"0.06459","scoring_system":"epss","scoring_elements":"0.91097","published_at":"2026-04-18T12:55:00Z"},{"value":"0.06459","scoring_system":"epss","scoring_elements":"0.911","published_at":"2026-04-21T12:55:00Z"},{"value":"0.06459","scoring_system":"epss","scoring_elements":"0.91114","published_at":"2026-04-24T12:55:00Z"},{"value":"0.06459","scoring_system":"epss","scoring_elements":"0.91111","published_at":"2026-04-26T12:55:00Z"},{"value":"0.06459","scoring_system":"epss","scoring_elements":"0.91107","published_at":"2026-04-29T12:55:00Z"},{"value":"0.06459","scoring_system":"epss","scoring_elements":"0.91121","published_at":"2026-05-05T12:55:00Z"},{"value":"0.06459","scoring_system":"epss","scoring_elements":"0.91135","published_at":"2026-05-07T12:55:00Z"},{"value":"0.06459","scoring_system":"epss","scoring_elements":"0.91147","published_at":"2026-05-11T12:55:00Z"},{"value":"0.06459","scoring_system":"epss","scoring_elements":"0.91023","published_at":"2026-04-01T12:55:00Z"},{"value":"0.06459","scoring_system":"epss","scoring_elements":"0.91028","published_at":"2026-04-02T12:55:00Z"},{"value":"0.06459","scoring_system":"epss","scoring_elements":"0.91046","published_at":"2026-04-07T12:55:00Z"},{"value":"0.06459","scoring_system":"epss","scoring_elements":"0.91058","published_at":"2026-04-08T12:55:00Z"},{"value":"0.06459","scoring_system":"epss","scoring_elements":"0.91064","published_at":"2026-04-09T12:55:00Z"},{"value":"0.06459","scoring_system":"epss","scoring_elements":"0.91073","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-3567"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3567","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3567"},{"reference_url":"http://secunia.com/advisories/54429","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/54429"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:C/I:C/A:C"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/puppetlabs/puppet","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2013-3567.yml","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2013-3567.yml"},{"reference_url":"https://puppetlabs.com/security/cve/cve-2013-3567","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://puppetlabs.com/security/cve/cve-2013-3567"},{"reference_url":"https://www.puppet.com/security/cve/cve-2013-3567-unauthenticated-remote-code-execution-vulnerability","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.puppet.com/security/cve/cve-2013-3567-unauthenticated-remote-code-execution-vulnerability"},{"reference_url":"http://www.debian.org/security/2013/dsa-2715","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2013/dsa-2715"},{"reference_url":"http://www.ubuntu.com/usn/USN-1886-1","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-1886-1"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712745","reference_id":"712745","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712745"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=974649","reference_id":"974649","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=974649"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-3567","reference_id":"CVE-2013-3567","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-3567"},{"reference_url":"https://puppetlabs.com/security/cve/cve-2013-3567/","reference_id":"CVE-2013-3567","reference_type":"","scores":[],"url":"https://puppetlabs.com/security/cve/cve-2013-3567/"},{"reference_url":"https://github.com/advisories/GHSA-f7p5-w2cr-7cp7","reference_id":"GHSA-f7p5-w2cr-7cp7","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f7p5-w2cr-7cp7"},{"reference_url":"https://security.gentoo.org/glsa/201308-04","reference_id":"GLSA-201308-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201308-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1283","reference_id":"RHSA-2013:1283","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1283"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1284","reference_id":"RHSA-2013:1284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1284"},{"reference_url":"https://usn.ubuntu.com/1886-1/","reference_id":"USN-1886-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1886-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76448?format=json","purl":"pkg:ebuild/app-admin/puppet@2.7.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/puppet@2.7.23"}],"aliases":["CVE-2013-3567","GHSA-f7p5-w2cr-7cp7"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3kma-3ffw-8qd9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44797?format=json","vulnerability_id":"VCID-3zzj-krc5-skea","summary":"Multiple vulnerabilities have been found in Puppet, the worst of\n    which could lead to execution of arbitrary code.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0710.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2013-0710.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2275.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2275.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2275","reference_id":"","reference_type":"","scores":[{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59464","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59231","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59304","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59328","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59292","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59343","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59356","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59375","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59359","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59341","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59373","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.5938","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59361","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59338","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59358","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59301","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59349","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59407","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59365","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59392","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2275"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2275","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2275"},{"reference_url":"http://secunia.com/advisories/52596","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/52596"},{"reference_url":"https://puppetlabs.com/security/cve/cve-2013-2275/","reference_id":"","reference_type":"","scores":[],"url":"https://puppetlabs.com/security/cve/cve-2013-2275/"},{"reference_url":"http://ubuntu.com/usn/usn-1759-1","reference_id":"","reference_type":"","scores":[],"url":"http://ubuntu.com/usn/usn-1759-1"},{"reference_url":"http://www.debian.org/security/2013/dsa-2643","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2013/dsa-2643"},{"reference_url":"http://www.securityfocus.com/bid/58449","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/58449"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=919785","reference_id":"919785","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=919785"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:*:*:*:*:enterprise:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:*:*:*:*:enterprise:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:*:*:*:*:enterprise:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.15:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.15:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.15:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet_enterprise:2.7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.7.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet_enterprise:2.7.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.7.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2275","reference_id":"CVE-2013-2275","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:P/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2275"},{"reference_url":"https://security.gentoo.org/glsa/201308-04","reference_id":"GLSA-201308-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201308-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0710","reference_id":"RHSA-2013:0710","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0710"},{"reference_url":"https://usn.ubuntu.com/1759-1/","reference_id":"USN-1759-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1759-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76448?format=json","purl":"pkg:ebuild/app-admin/puppet@2.7.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/puppet@2.7.23"}],"aliases":["CVE-2013-2275"],"risk_score":1.8,"exploitability":"0.5","weighted_severity":"3.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3zzj-krc5-skea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8397?format=json","vulnerability_id":"VCID-5g6u-uvej-xbad","summary":"Moderate severity vulnerability that affects puppet\nUnspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service.  NOTE: this vulnerability can only be exploited utilizing unspecified \"local file system access\" to the Puppet Master.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00009.html"},{"reference_url":"http://puppetlabs.com/security/cve/cve-2013-4761","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://puppetlabs.com/security/cve/cve-2013-4761"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1283.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1283.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1284.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1284.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4761.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4761.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4761","reference_id":"","reference_type":"","scores":[{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.70221","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.70127","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.70102","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.70144","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.70175","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.70143","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.70171","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.69972","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.69984","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.69999","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.69975","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.70024","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.7004","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.70063","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.70048","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.70035","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.70078","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.70087","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.70067","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.70119","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4761"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4761","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4761"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4956","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4956"},{"reference_url":"https://github.com/puppetlabs/puppet","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2013-4761.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2013-4761.yml"},{"reference_url":"https://www.puppet.com/security/cve/cve-2013-4761-resourcetype-remote-code-execution-vulnerability","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.puppet.com/security/cve/cve-2013-4761-resourcetype-remote-code-execution-vulnerability"},{"reference_url":"http://www.debian.org/security/2013/dsa-2761","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2013/dsa-2761"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=996856","reference_id":"996856","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=996856"},{"reference_url":"http://puppetlabs.com/security/cve/cve-2013-4761/","reference_id":"CVE-2013-4761","reference_type":"","scores":[],"url":"http://puppetlabs.com/security/cve/cve-2013-4761/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4761","reference_id":"CVE-2013-4761","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4761"},{"reference_url":"https://github.com/advisories/GHSA-cj43-9h3w-v976","reference_id":"GHSA-cj43-9h3w-v976","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cj43-9h3w-v976"},{"reference_url":"https://security.gentoo.org/glsa/201308-04","reference_id":"GLSA-201308-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201308-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1283","reference_id":"RHSA-2013:1283","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1283"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1284","reference_id":"RHSA-2013:1284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1284"},{"reference_url":"https://usn.ubuntu.com/1928-1/","reference_id":"USN-1928-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1928-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76448?format=json","purl":"pkg:ebuild/app-admin/puppet@2.7.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/puppet@2.7.23"}],"aliases":["CVE-2013-4761","GHSA-cj43-9h3w-v976"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5g6u-uvej-xbad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44808?format=json","vulnerability_id":"VCID-73uh-2gkm-6kgy","summary":"Multiple vulnerabilities have been found in Puppet, the worst of\n    which could lead to execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4956.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4956.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4956","reference_id":"","reference_type":"","scores":[{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29083","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29157","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29207","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29018","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29082","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29124","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.2913","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29085","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29034","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29062","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29039","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28993","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28873","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.2876","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.2869","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28538","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28599","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.2862","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28543","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28564","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28643","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4956"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4761","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4761"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4956","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4956"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=996855","reference_id":"996855","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=996855"},{"reference_url":"https://security.gentoo.org/glsa/201308-04","reference_id":"GLSA-201308-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201308-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1283","reference_id":"RHSA-2013:1283","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1283"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1284","reference_id":"RHSA-2013:1284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1284"},{"reference_url":"https://usn.ubuntu.com/1928-1/","reference_id":"USN-1928-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1928-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76448?format=json","purl":"pkg:ebuild/app-admin/puppet@2.7.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/puppet@2.7.23"}],"aliases":["CVE-2013-4956"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-73uh-2gkm-6kgy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44778?format=json","vulnerability_id":"VCID-7jtp-a1nw-bqfs","summary":"Multiple vulnerabilities have been found in Puppet, the worst of\n    which could lead to execution of arbitrary code.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0710.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2013-0710.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1640.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1640.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1640","reference_id":"","reference_type":"","scores":[{"value":"0.01948","scoring_system":"epss","scoring_elements":"0.83642","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01948","scoring_system":"epss","scoring_elements":"0.83389","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01948","scoring_system":"epss","scoring_elements":"0.83402","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01948","scoring_system":"epss","scoring_elements":"0.83416","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01948","scoring_system":"epss","scoring_elements":"0.83415","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01948","scoring_system":"epss","scoring_elements":"0.8344","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01948","scoring_system":"epss","scoring_elements":"0.8345","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01948","scoring_system":"epss","scoring_elements":"0.83464","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01948","scoring_system":"epss","scoring_elements":"0.83458","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01948","scoring_system":"epss","scoring_elements":"0.83453","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01948","scoring_system":"epss","scoring_elements":"0.83489","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01948","scoring_system":"epss","scoring_elements":"0.8349","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01948","scoring_system":"epss","scoring_elements":"0.83492","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01948","scoring_system":"epss","scoring_elements":"0.83515","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01948","scoring_system":"epss","scoring_elements":"0.83521","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01948","scoring_system":"epss","scoring_elements":"0.83524","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01948","scoring_system":"epss","scoring_elements":"0.83548","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01948","scoring_system":"epss","scoring_elements":"0.8357","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01948","scoring_system":"epss","scoring_elements":"0.83589","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01948","scoring_system":"epss","scoring_elements":"0.8359","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01948","scoring_system":"epss","scoring_elements":"0.83606","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1640"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1640","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1640"},{"reference_url":"http://secunia.com/advisories/52596","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/52596"},{"reference_url":"https://puppetlabs.com/security/cve/cve-2013-1640/","reference_id":"","reference_type":"","scores":[],"url":"https://puppetlabs.com/security/cve/cve-2013-1640/"},{"reference_url":"http://ubuntu.com/usn/usn-1759-1","reference_id":"","reference_type":"","scores":[],"url":"http://ubuntu.com/usn/usn-1759-1"},{"reference_url":"http://www.debian.org/security/2013/dsa-2643","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2013/dsa-2643"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=919783","reference_id":"919783","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=919783"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:3.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:3.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:3.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet_enterprise:2.7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.7.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet_enterprise:2.7.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.7.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1640","reference_id":"CVE-2013-1640","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:C/I:C/A:C"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1640"},{"reference_url":"https://security.gentoo.org/glsa/201308-04","reference_id":"GLSA-201308-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201308-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0710","reference_id":"RHSA-2013:0710","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0710"},{"reference_url":"https://usn.ubuntu.com/1759-1/","reference_id":"USN-1759-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1759-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76448?format=json","purl":"pkg:ebuild/app-admin/puppet@2.7.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/puppet@2.7.23"}],"aliases":["CVE-2013-1640"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7jtp-a1nw-bqfs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44785?format=json","vulnerability_id":"VCID-nf2h-5vd2-6kb1","summary":"Multiple vulnerabilities have been found in Puppet, the worst of\n    which could lead to execution of arbitrary code.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1653","reference_id":"","reference_type":"","scores":[{"value":"0.01966","scoring_system":"epss","scoring_elements":"0.83709","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01966","scoring_system":"epss","scoring_elements":"0.83457","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01966","scoring_system":"epss","scoring_elements":"0.83469","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01966","scoring_system":"epss","scoring_elements":"0.83484","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01966","scoring_system":"epss","scoring_elements":"0.83482","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01966","scoring_system":"epss","scoring_elements":"0.83507","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01966","scoring_system":"epss","scoring_elements":"0.83516","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01966","scoring_system":"epss","scoring_elements":"0.83531","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01966","scoring_system":"epss","scoring_elements":"0.83525","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01966","scoring_system":"epss","scoring_elements":"0.83521","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01966","scoring_system":"epss","scoring_elements":"0.83556","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01966","scoring_system":"epss","scoring_elements":"0.83557","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01966","scoring_system":"epss","scoring_elements":"0.83558","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01966","scoring_system":"epss","scoring_elements":"0.83582","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01966","scoring_system":"epss","scoring_elements":"0.83589","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01966","scoring_system":"epss","scoring_elements":"0.83594","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01966","scoring_system":"epss","scoring_elements":"0.83618","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01966","scoring_system":"epss","scoring_elements":"0.83639","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01966","scoring_system":"epss","scoring_elements":"0.83658","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01966","scoring_system":"epss","scoring_elements":"0.83674","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1653","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1653"},{"reference_url":"http://secunia.com/advisories/52596","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/52596"},{"reference_url":"https://puppetlabs.com/security/cve/cve-2013-1653/","reference_id":"","reference_type":"","scores":[],"url":"https://puppetlabs.com/security/cve/cve-2013-1653/"},{"reference_url":"http://ubuntu.com/usn/usn-1759-1","reference_id":"","reference_type":"","scores":[],"url":"http://ubuntu.com/usn/usn-1759-1"},{"reference_url":"http://www.debian.org/security/2013/dsa-2643","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2013/dsa-2643"},{"reference_url":"http://www.securityfocus.com/bid/58446","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/58446"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:1.0:*:*:*:enterprise:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:1.0:*:*:*:enterprise:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:1.0:*:*:*:enterprise:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:1.1:*:*:*:enterprise:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:1.1:*:*:*:enterprise:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:1.1:*:*:*:enterprise:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:1.2.0:*:*:*:enterprise:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:1.2.0:*:*:*:enterprise:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:1.2.0:*:*:*:enterprise:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:1.2.1:*:*:*:enterprise:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:1.2.1:*:*:*:enterprise:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:1.2.1:*:*:*:enterprise:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:1.2.2:*:*:*:enterprise:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:1.2.2:*:*:*:enterprise:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:1.2.2:*:*:*:enterprise:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:1.2.3:*:*:*:enterprise:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:1.2.3:*:*:*:enterprise:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:1.2.3:*:*:*:enterprise:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:1.2.4:*:*:*:enterprise:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:1.2.4:*:*:*:enterprise:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:1.2.4:*:*:*:enterprise:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:1.2.5:*:*:*:enterprise:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:1.2.5:*:*:*:enterprise:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:1.2.5:*:*:*:enterprise:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:1.2.6:*:*:*:enterprise:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:1.2.6:*:*:*:enterprise:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:1.2.6:*:*:*:enterprise:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet_enterprise:2.7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.7.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet_enterprise:2.7.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.7.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1653","reference_id":"CVE-2013-1653","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:S/C:C/I:C/A:C"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1653"},{"reference_url":"https://security.gentoo.org/glsa/201308-04","reference_id":"GLSA-201308-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201308-04"},{"reference_url":"https://usn.ubuntu.com/1759-1/","reference_id":"USN-1759-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1759-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76448?format=json","purl":"pkg:ebuild/app-admin/puppet@2.7.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/puppet@2.7.23"}],"aliases":["CVE-2013-1653"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nf2h-5vd2-6kb1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8438?format=json","vulnerability_id":"VCID-pdpa-qfpq-zkcq","summary":"Improper Input Validation\nPuppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to \"serialized attributes.\"","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1655","reference_id":"","reference_type":"","scores":[{"value":"0.00634","scoring_system":"epss","scoring_elements":"0.70561","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00634","scoring_system":"epss","scoring_elements":"0.70419","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00634","scoring_system":"epss","scoring_elements":"0.70428","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00634","scoring_system":"epss","scoring_elements":"0.70409","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00634","scoring_system":"epss","scoring_elements":"0.7046","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00634","scoring_system":"epss","scoring_elements":"0.70468","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00634","scoring_system":"epss","scoring_elements":"0.70469","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00634","scoring_system":"epss","scoring_elements":"0.70444","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00634","scoring_system":"epss","scoring_elements":"0.70483","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00634","scoring_system":"epss","scoring_elements":"0.70515","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00634","scoring_system":"epss","scoring_elements":"0.70509","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00634","scoring_system":"epss","scoring_elements":"0.70315","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00634","scoring_system":"epss","scoring_elements":"0.70328","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00634","scoring_system":"epss","scoring_elements":"0.70344","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00634","scoring_system":"epss","scoring_elements":"0.70322","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00634","scoring_system":"epss","scoring_elements":"0.70367","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00634","scoring_system":"epss","scoring_elements":"0.70382","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00634","scoring_system":"epss","scoring_elements":"0.70406","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00634","scoring_system":"epss","scoring_elements":"0.70391","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00634","scoring_system":"epss","scoring_elements":"0.70376","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1655"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1655","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1655"},{"reference_url":"http://secunia.com/advisories/52596","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/52596"},{"reference_url":"https://github.com/puppetlabs/puppet","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2013-1655.yml","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2013-1655.yml"},{"reference_url":"https://puppetlabs.com/security/cve/cve-2013-1655","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://puppetlabs.com/security/cve/cve-2013-1655"},{"reference_url":"https://web.archive.org/web/20200228144801/http://www.securityfocus.com/bid/58442","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228144801/http://www.securityfocus.com/bid/58442"},{"reference_url":"https://www.puppet.com/security/cve/cve-2013-1655-unauthenticated-remote-code-execution-vulnerability","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.puppet.com/security/cve/cve-2013-1655-unauthenticated-remote-code-execution-vulnerability"},{"reference_url":"http://ubuntu.com/usn/usn-1759-1","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://ubuntu.com/usn/usn-1759-1"},{"reference_url":"http://www.debian.org/security/2013/dsa-2643","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2013/dsa-2643"},{"reference_url":"http://www.securityfocus.com/bid/58442","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/58442"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p286:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.3:p286:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p286:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p383:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.3:p383:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p383:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1655","reference_id":"CVE-2013-1655","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1655"},{"reference_url":"https://puppetlabs.com/security/cve/cve-2013-1655/","reference_id":"CVE-2013-1655","reference_type":"","scores":[],"url":"https://puppetlabs.com/security/cve/cve-2013-1655/"},{"reference_url":"https://github.com/advisories/GHSA-574q-fxfj-wv6h","reference_id":"GHSA-574q-fxfj-wv6h","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-574q-fxfj-wv6h"},{"reference_url":"https://security.gentoo.org/glsa/201308-04","reference_id":"GLSA-201308-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201308-04"},{"reference_url":"https://usn.ubuntu.com/1759-1/","reference_id":"USN-1759-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1759-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76448?format=json","purl":"pkg:ebuild/app-admin/puppet@2.7.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/puppet@2.7.23"}],"aliases":["CVE-2013-1655","GHSA-574q-fxfj-wv6h"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pdpa-qfpq-zkcq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44794?format=json","vulnerability_id":"VCID-rfcx-7kc9-mbcr","summary":"Multiple vulnerabilities have been found in Puppet, the worst of\n    which could lead to execution of arbitrary code.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0710.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2013-0710.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2274.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2274.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2274","reference_id":"","reference_type":"","scores":[{"value":"0.01851","scoring_system":"epss","scoring_elements":"0.83191","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01851","scoring_system":"epss","scoring_elements":"0.82933","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01851","scoring_system":"epss","scoring_elements":"0.82949","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01851","scoring_system":"epss","scoring_elements":"0.82961","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01851","scoring_system":"epss","scoring_elements":"0.82959","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01851","scoring_system":"epss","scoring_elements":"0.82983","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01851","scoring_system":"epss","scoring_elements":"0.82991","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01851","scoring_system":"epss","scoring_elements":"0.83007","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01851","scoring_system":"epss","scoring_elements":"0.83","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01851","scoring_system":"epss","scoring_elements":"0.82996","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01851","scoring_system":"epss","scoring_elements":"0.83035","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01851","scoring_system":"epss","scoring_elements":"0.83037","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01851","scoring_system":"epss","scoring_elements":"0.8306","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01851","scoring_system":"epss","scoring_elements":"0.83068","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01851","scoring_system":"epss","scoring_elements":"0.83075","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01851","scoring_system":"epss","scoring_elements":"0.83098","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01851","scoring_system":"epss","scoring_elements":"0.83119","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01851","scoring_system":"epss","scoring_elements":"0.8314","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01851","scoring_system":"epss","scoring_elements":"0.83156","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2274"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2274","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2274"},{"reference_url":"http://secunia.com/advisories/52596","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/52596"},{"reference_url":"https://puppetlabs.com/security/cve/cve-2013-2274/","reference_id":"","reference_type":"","scores":[],"url":"https://puppetlabs.com/security/cve/cve-2013-2274/"},{"reference_url":"http://www.debian.org/security/2013/dsa-2643","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2013/dsa-2643"},{"reference_url":"http://www.securityfocus.com/bid/58447","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/58447"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=919773","reference_id":"919773","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=919773"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.6.17:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:2.6.17:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.6.17:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.15:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.15:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.15:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:1.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet_enterprise:1.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:1.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2274","reference_id":"CVE-2013-2274","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2274"},{"reference_url":"https://security.gentoo.org/glsa/201308-04","reference_id":"GLSA-201308-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201308-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0710","reference_id":"RHSA-2013:0710","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0710"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76448?format=json","purl":"pkg:ebuild/app-admin/puppet@2.7.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/puppet@2.7.23"}],"aliases":["CVE-2013-2274"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rfcx-7kc9-mbcr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44782?format=json","vulnerability_id":"VCID-sweb-hbec-k3ha","summary":"Multiple vulnerabilities have been found in Puppet, the worst of\n    which could lead to execution of arbitrary code.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0710.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2013-0710.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1652.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1652.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1652","reference_id":"","reference_type":"","scores":[{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60545","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60288","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60364","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60391","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60359","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60407","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60424","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60444","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60431","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60411","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60452","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.6046","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60451","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60434","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60449","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60437","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60395","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60442","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.605","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60458","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60484","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1652"},{"reference_url":"http://secunia.com/advisories/52596","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/52596"},{"reference_url":"https://puppetlabs.com/security/cve/cve-2013-1652/","reference_id":"","reference_type":"","scores":[],"url":"https://puppetlabs.com/security/cve/cve-2013-1652/"},{"reference_url":"http://ubuntu.com/usn/usn-1759-1","reference_id":"","reference_type":"","scores":[],"url":"http://ubuntu.com/usn/usn-1759-1"},{"reference_url":"http://www.debian.org/security/2013/dsa-2643","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2013/dsa-2643"},{"reference_url":"http://www.securityfocus.com/bid/58443","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/58443"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=919784","reference_id":"919784","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=919784"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:*:*:*:*:enterprise:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:*:*:*:*:enterprise:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:*:*:*:*:enterprise:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet_enterprise:2.7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.7.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet_enterprise:2.7.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.7.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1652","reference_id":"CVE-2013-1652","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:P/I:P/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1652"},{"reference_url":"https://security.gentoo.org/glsa/201308-04","reference_id":"GLSA-201308-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201308-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0710","reference_id":"RHSA-2013:0710","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0710"},{"reference_url":"https://usn.ubuntu.com/1759-1/","reference_id":"USN-1759-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1759-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76448?format=json","purl":"pkg:ebuild/app-admin/puppet@2.7.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/puppet@2.7.23"}],"aliases":["CVE-2013-1652"],"risk_score":2.2,"exploitability":"0.5","weighted_severity":"4.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sweb-hbec-k3ha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44774?format=json","vulnerability_id":"VCID-v9kt-4vxm-ekdw","summary":"Multiple vulnerabilities have been found in Puppet, the worst of\n    which could lead to execution of arbitrary code.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0710.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2013-0710.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6120.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6120.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6120","reference_id":"","reference_type":"","scores":[{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13031","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12968","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13059","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13111","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12914","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12994","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13045","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13007","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12923","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12823","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12826","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12924","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12948","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12916","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.1281","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.1272","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12869","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12941","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12931","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12957","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6120"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6120","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6120"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=908629","reference_id":"908629","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=908629"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack_essex:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:openstack_essex:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack_essex:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack_folsom:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:openstack_folsom:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack_folsom:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-6120","reference_id":"CVE-2012-6120","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-6120"},{"reference_url":"https://security.gentoo.org/glsa/201308-04","reference_id":"GLSA-201308-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201308-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0710","reference_id":"RHSA-2013:0710","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0710"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76448?format=json","purl":"pkg:ebuild/app-admin/puppet@2.7.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/puppet@2.7.23"}],"aliases":["CVE-2012-6120"],"risk_score":0.9,"exploitability":"0.5","weighted_severity":"1.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v9kt-4vxm-ekdw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44788?format=json","vulnerability_id":"VCID-wdwr-8m6q-kff5","summary":"Multiple vulnerabilities have been found in Puppet, the worst of\n    which could lead to execution of arbitrary code.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0710.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2013-0710.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1654.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1654.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1654","reference_id":"","reference_type":"","scores":[{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64155","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.63902","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.63961","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.63988","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.63948","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.63998","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64016","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64028","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64014","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.63984","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64019","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64032","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64038","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64051","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64049","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64018","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64063","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64109","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64076","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64102","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1654"},{"reference_url":"http://secunia.com/advisories/52596","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/52596"},{"reference_url":"https://puppetlabs.com/security/cve/cve-2013-1654/","reference_id":"","reference_type":"","scores":[],"url":"https://puppetlabs.com/security/cve/cve-2013-1654/"},{"reference_url":"http://ubuntu.com/usn/usn-1759-1","reference_id":"","reference_type":"","scores":[],"url":"http://ubuntu.com/usn/usn-1759-1"},{"reference_url":"http://www.debian.org/security/2013/dsa-2643","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2013/dsa-2643"},{"reference_url":"http://www.securityfocus.com/bid/64758","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/64758"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=919770","reference_id":"919770","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=919770"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.0:-:enterprise:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:2.7.0:-:enterprise:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.0:-:enterprise:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.1:-:enterprise:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:2.7.1:-:enterprise:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.1:-:enterprise:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1654","reference_id":"CVE-2013-1654","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:P/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1654"},{"reference_url":"https://security.gentoo.org/glsa/201308-04","reference_id":"GLSA-201308-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201308-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0710","reference_id":"RHSA-2013:0710","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0710"},{"reference_url":"https://usn.ubuntu.com/1759-1/","reference_id":"USN-1759-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1759-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76448?format=json","purl":"pkg:ebuild/app-admin/puppet@2.7.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/puppet@2.7.23"}],"aliases":["CVE-2013-1654"],"risk_score":2.2,"exploitability":"0.5","weighted_severity":"4.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wdwr-8m6q-kff5"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/puppet@2.7.23"}