{"url":"http://public2.vulnerablecode.io/api/packages/936017?format=json","purl":"pkg:deb/debian/puppetserver@7.9.5-2%2Bdeb12u1?distro=trixie","type":"deb","namespace":"debian","name":"puppetserver","version":"7.9.5-2+deb12u1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"8.7.0-5","latest_non_vulnerable_version":"8.7.0-7","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78452?format=json","vulnerability_id":"VCID-bqtz-8vkk-xbg6","summary":"puppet: Puppet Server ReDoS","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1894.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1894.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1894","reference_id":"","reference_type":"","scores":[{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17426","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17175","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17073","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17166","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17138","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17473","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17252","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17343","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17402","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17415","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17366","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17312","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17253","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17259","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17292","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17197","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17176","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17116","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.16981","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1894"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035541","reference_id":"1035541","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035541"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2193088","reference_id":"2193088","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2193088"},{"reference_url":"https://www.puppet.com/security/cve/cve-2023-1894-puppet-server-redos","reference_id":"cve-2023-1894-puppet-server-redos","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-29T17:55:33Z/"}],"url":"https://www.puppet.com/security/cve/cve-2023-1894-puppet-server-redos"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6818","reference_id":"RHSA-2023:6818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6818"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/936021?format=json","purl":"pkg:deb/debian/puppetserver@7.9.5-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@7.9.5-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/936017?format=json","purl":"pkg:deb/debian/puppetserver@7.9.5-2%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@7.9.5-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/936020?format=json","purl":"pkg:deb/debian/puppetserver@8.7.0-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@8.7.0-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/936019?format=json","purl":"pkg:deb/debian/puppetserver@8.7.0-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@8.7.0-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081563?format=json","purl":"pkg:deb/debian/puppetserver@8.7.0-7?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@8.7.0-7%3Fdistro=trixie"}],"aliases":["CVE-2023-1894"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bqtz-8vkk-xbg6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/334368?format=json","vulnerability_id":"VCID-ctnu-wcs1-dfa2","summary":"A user with specific node group editing permissions and a specially crafted class parameter could be used to execute commands as root on the primary host. It affects Puppet Enterprise versions 2018.1.8 through 2023.8.3 and 2025.3 and has been resolved in versions 2023.8.4 and 2025.4.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5459","reference_id":"","reference_type":"","scores":[{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.2549","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25565","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25502","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25601","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25373","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25442","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26745","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26823","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26766","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26773","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26707","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50958","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51035","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50992","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50961","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.5089","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.5094","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.5097","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50928","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5459"},{"reference_url":"https://portal.perforce.com/s/detail/a91PA000001SiDdYAK","reference_id":"a91PA000001SiDdYAK","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-26T13:30:51Z/"}],"url":"https://portal.perforce.com/s/detail/a91PA000001SiDdYAK"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/936018?format=json","purl":"pkg:deb/debian/puppetserver@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/936017?format=json","purl":"pkg:deb/debian/puppetserver@7.9.5-2%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@7.9.5-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/936020?format=json","purl":"pkg:deb/debian/puppetserver@8.7.0-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@8.7.0-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/936019?format=json","purl":"pkg:deb/debian/puppetserver@8.7.0-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@8.7.0-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081563?format=json","purl":"pkg:deb/debian/puppetserver@8.7.0-7?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@8.7.0-7%3Fdistro=trixie"}],"aliases":["CVE-2025-5459"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ctnu-wcs1-dfa2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/309066?format=json","vulnerability_id":"VCID-huc8-7hdd-ukam","summary":"In Puppet Enterprise versions 2025.4.0 and 2025.5, the encryption key used for encrypting content in the Infra Assistant database was not excluded from the files gathered by Puppet backup. The key is only present on the system if the user has a Puppet Enterprise Advanced license and has enabled the Infra Assistant feature. The key is used for encrypting one particular bit of data in the Infra Assistant database: the API key for their AI provider account. This has been fixed in Puppet Enterprise version 2025.6, and release notes for 2025.6 have remediation steps for users of affected versions who can't update to the latest version.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-10360","reference_id":"","reference_type":"","scores":[{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09804","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09853","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09753","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09825","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09877","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09884","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09848","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09832","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09714","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09684","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.1025","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10308","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10016","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10164","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10234","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10211","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10683","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10629","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10749","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10702","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-10360"},{"reference_url":"https://portal.perforce.com/s/cve/a91PA000001Smp7YAC/insufficiently-protected-credentials-in-puppet-enterprise-20254-and-20255","reference_id":"insufficiently-protected-credentials-in-puppet-enterprise-20254-and-20255","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-24T16:11:54Z/"}],"url":"https://portal.perforce.com/s/cve/a91PA000001Smp7YAC/insufficiently-protected-credentials-in-puppet-enterprise-20254-and-20255"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/936018?format=json","purl":"pkg:deb/debian/puppetserver@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/936017?format=json","purl":"pkg:deb/debian/puppetserver@7.9.5-2%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@7.9.5-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/936020?format=json","purl":"pkg:deb/debian/puppetserver@8.7.0-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@8.7.0-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/936019?format=json","purl":"pkg:deb/debian/puppetserver@8.7.0-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@8.7.0-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081563?format=json","purl":"pkg:deb/debian/puppetserver@8.7.0-7?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@8.7.0-7%3Fdistro=trixie"}],"aliases":["CVE-2025-10360"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-huc8-7hdd-ukam"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15327?format=json","vulnerability_id":"VCID-pj4s-vjbb-u7h7","summary":"Improper Access Control\nPuppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2785.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2785.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2785","reference_id":"","reference_type":"","scores":[{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.37785","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38214","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38223","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38242","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38206","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38182","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38229","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38209","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38143","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.37969","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.37945","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.37851","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.3774","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.37808","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.37823","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.37734","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.37708","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38122","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38273","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38296","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38164","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2785"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:P/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/puppetlabs/puppet","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet"},{"reference_url":"https://github.com/puppetlabs/puppet/commit/6592a8166572e5f1b7d058474059b8519ec81387","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet/commit/6592a8166572e5f1b7d058474059b8519ec81387"},{"reference_url":"https://github.com/puppetlabs/puppet/commits/4.4.2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet/commits/4.4.2"},{"reference_url":"https://github.com/puppetlabs/puppet/pull/4921/commits/8d2ce797db265720f0a20d1d46ee2757b4e4f6b2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/puppetlabs/puppet/pull/4921/commits/8d2ce797db265720f0a20d1d46ee2757b4e4f6b2"},{"reference_url":"https://security.gentoo.org/glsa/201606-02","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201606-02"},{"reference_url":"https://www.puppet.com/security/cve/cve-2016-2785-incorrect-url-decoding","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://www.puppet.com/security/cve/cve-2016-2785-incorrect-url-decoding"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1331024","reference_id":"1331024","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1331024"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:4.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.0.0:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:4.0.0:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.0.0:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.0.0:rc2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:4.0.0:rc2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.0.0:rc2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.0.0:rc3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:4.0.0:rc3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.0.0:rc3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:4.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:4.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:4.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.2.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:4.2.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.2.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.2.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:4.2.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.2.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:4.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:4.3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:4.3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:4.4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.4.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:4.4.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:4.4.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_agent:1.4.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet_agent:1.4.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_agent:1.4.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:2.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet_server:2.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:2.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:2.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet_server:2.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:2.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:2.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet_server:2.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:2.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:2.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet_server:2.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:2.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:2.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet_server:2.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:2.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:2.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet_server:2.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:2.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:2.3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet_server:2.3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:2.3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2785","reference_id":"CVE-2016-2785","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2785"},{"reference_url":"https://puppet.com/security/cve/cve-2016-2785","reference_id":"CVE-2016-2785","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://puppet.com/security/cve/cve-2016-2785"},{"reference_url":"https://github.com/advisories/GHSA-pqj5-7r86-64fv","reference_id":"GHSA-pqj5-7r86-64fv","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pqj5-7r86-64fv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/936018?format=json","purl":"pkg:deb/debian/puppetserver@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/936017?format=json","purl":"pkg:deb/debian/puppetserver@7.9.5-2%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@7.9.5-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/936020?format=json","purl":"pkg:deb/debian/puppetserver@8.7.0-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@8.7.0-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/936019?format=json","purl":"pkg:deb/debian/puppetserver@8.7.0-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@8.7.0-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081563?format=json","purl":"pkg:deb/debian/puppetserver@8.7.0-7?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@8.7.0-7%3Fdistro=trixie"}],"aliases":["CVE-2016-2785","GHSA-pqj5-7r86-64fv"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pj4s-vjbb-u7h7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78046?format=json","vulnerability_id":"VCID-prfa-kwxa-hya6","summary":"puppet: Denial of Service for Revocation of Auto Renewed Certificates","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5255.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5255.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5255","reference_id":"","reference_type":"","scores":[{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33504","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33419","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.3346","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33537","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33378","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33457","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33422","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35105","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35108","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35013","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35036","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35489","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35529","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35519","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35467","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35231","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35208","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35129","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35008","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35079","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5255"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2242146","reference_id":"2242146","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2242146"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/936018?format=json","purl":"pkg:deb/debian/puppetserver@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/936017?format=json","purl":"pkg:deb/debian/puppetserver@7.9.5-2%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@7.9.5-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/936020?format=json","purl":"pkg:deb/debian/puppetserver@8.7.0-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@8.7.0-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/936019?format=json","purl":"pkg:deb/debian/puppetserver@8.7.0-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@8.7.0-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081563?format=json","purl":"pkg:deb/debian/puppetserver@8.7.0-7?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@8.7.0-7%3Fdistro=trixie"}],"aliases":["CVE-2023-5255"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-prfa-kwxa-hya6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11674?format=json","vulnerability_id":"VCID-qdsk-m9ye-z3a4","summary":"Unsafe HTTP Redirect in Puppet Agent and Puppet Server\nA flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27023.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27023.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-27023","reference_id":"","reference_type":"","scores":[{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60693","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60598","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60584","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60563","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60603","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60609","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60597","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60582","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60595","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60583","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60542","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60588","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60646","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60606","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60632","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60441","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60516","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60543","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60512","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60561","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60577","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-27023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27023","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27023"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/puppetlabs/puppet","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2021-27023.yml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2021-27023.yml"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023859","reference_id":"2023859","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023859"},{"reference_url":"https://security.archlinux.org/AVG-2541","reference_id":"AVG-2541","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2541"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-27023","reference_id":"CVE-2021-27023","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-27023"},{"reference_url":"https://puppet.com/security/cve/CVE-2021-27023","reference_id":"CVE-2021-27023","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://puppet.com/security/cve/CVE-2021-27023"},{"reference_url":"https://github.com/advisories/GHSA-93j5-g845-9wqp","reference_id":"GHSA-93j5-g845-9wqp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-93j5-g845-9wqp"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1478","reference_id":"RHSA-2022:1478","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1478"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1708","reference_id":"RHSA-2022:1708","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1708"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4866","reference_id":"RHSA-2022:4866","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4866"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4867","reference_id":"RHSA-2022:4867","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4867"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/936018?format=json","purl":"pkg:deb/debian/puppetserver@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/936017?format=json","purl":"pkg:deb/debian/puppetserver@7.9.5-2%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@7.9.5-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/936020?format=json","purl":"pkg:deb/debian/puppetserver@8.7.0-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@8.7.0-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/936019?format=json","purl":"pkg:deb/debian/puppetserver@8.7.0-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@8.7.0-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081563?format=json","purl":"pkg:deb/debian/puppetserver@8.7.0-7?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@8.7.0-7%3Fdistro=trixie"}],"aliases":["CVE-2021-27023","GHSA-93j5-g845-9wqp"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qdsk-m9ye-z3a4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81521?format=json","vulnerability_id":"VCID-ugqt-zyga-1ydy","summary":"puppet: puppet server and puppetDB may leak sensitive information via metrics API","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7943.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7943.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7943","reference_id":"","reference_type":"","scores":[{"value":"0.65366","scoring_system":"epss","scoring_elements":"0.98474","published_at":"2026-04-01T12:55:00Z"},{"value":"0.65366","scoring_system":"epss","scoring_elements":"0.98507","published_at":"2026-05-14T12:55:00Z"},{"value":"0.65366","scoring_system":"epss","scoring_elements":"0.98502","published_at":"2026-05-11T12:55:00Z"},{"value":"0.65366","scoring_system":"epss","scoring_elements":"0.98501","published_at":"2026-05-07T12:55:00Z"},{"value":"0.65366","scoring_system":"epss","scoring_elements":"0.98504","published_at":"2026-05-12T12:55:00Z"},{"value":"0.65366","scoring_system":"epss","scoring_elements":"0.98475","published_at":"2026-04-02T12:55:00Z"},{"value":"0.65366","scoring_system":"epss","scoring_elements":"0.98479","published_at":"2026-04-04T12:55:00Z"},{"value":"0.65366","scoring_system":"epss","scoring_elements":"0.9848","published_at":"2026-04-07T12:55:00Z"},{"value":"0.65366","scoring_system":"epss","scoring_elements":"0.98483","published_at":"2026-04-08T12:55:00Z"},{"value":"0.65366","scoring_system":"epss","scoring_elements":"0.98485","published_at":"2026-04-09T12:55:00Z"},{"value":"0.65366","scoring_system":"epss","scoring_elements":"0.98488","published_at":"2026-04-11T12:55:00Z"},{"value":"0.65366","scoring_system":"epss","scoring_elements":"0.98487","published_at":"2026-04-13T12:55:00Z"},{"value":"0.65366","scoring_system":"epss","scoring_elements":"0.98493","published_at":"2026-04-16T12:55:00Z"},{"value":"0.65366","scoring_system":"epss","scoring_elements":"0.98494","published_at":"2026-04-18T12:55:00Z"},{"value":"0.65366","scoring_system":"epss","scoring_elements":"0.98495","published_at":"2026-04-21T12:55:00Z"},{"value":"0.65366","scoring_system":"epss","scoring_elements":"0.98499","published_at":"2026-04-26T12:55:00Z"},{"value":"0.65366","scoring_system":"epss","scoring_elements":"0.98498","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7943"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://puppet.com/security/cve/CVE-2020-7943/","reference_id":"","reference_type":"","scores":[],"url":"https://puppet.com/security/cve/CVE-2020-7943/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1828486","reference_id":"1828486","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1828486"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppetdb:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppetdb:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppetdb:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet_server:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7943","reference_id":"CVE-2020-7943","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7943"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4366","reference_id":"RHSA-2020:4366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4366"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/936018?format=json","purl":"pkg:deb/debian/puppetserver@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/936017?format=json","purl":"pkg:deb/debian/puppetserver@7.9.5-2%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@7.9.5-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/936020?format=json","purl":"pkg:deb/debian/puppetserver@8.7.0-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@8.7.0-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/936019?format=json","purl":"pkg:deb/debian/puppetserver@8.7.0-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@8.7.0-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081563?format=json","purl":"pkg:deb/debian/puppetserver@8.7.0-7?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@8.7.0-7%3Fdistro=trixie"}],"aliases":["CVE-2020-7943"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ugqt-zyga-1ydy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/151141?format=json","vulnerability_id":"VCID-wctw-qqds-f7en","summary":"Race condition in Puppet Server 0.2.0 allows local users to obtain sensitive information by accessing it in between package installation or upgrade and the start of the service.","references":[{"reference_url":"http://puppetlabs.com/security/cve/cve-2014-7170","reference_id":"","reference_type":"","scores":[],"url":"http://puppetlabs.com/security/cve/cve-2014-7170"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-7170","reference_id":"","reference_type":"","scores":[{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13423","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13336","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13438","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13503","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13296","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13379","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13429","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.134","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13365","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13318","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13223","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13302","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13309","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13281","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13178","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13083","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13237","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13319","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13314","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13344","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-7170"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:0.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet_server:0.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:0.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-7170","reference_id":"CVE-2014-7170","reference_type":"","scores":[{"value":"1.9","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:P/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-7170"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/936018?format=json","purl":"pkg:deb/debian/puppetserver@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/936017?format=json","purl":"pkg:deb/debian/puppetserver@7.9.5-2%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@7.9.5-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/936020?format=json","purl":"pkg:deb/debian/puppetserver@8.7.0-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@8.7.0-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/936019?format=json","purl":"pkg:deb/debian/puppetserver@8.7.0-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@8.7.0-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081563?format=json","purl":"pkg:deb/debian/puppetserver@8.7.0-7?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@8.7.0-7%3Fdistro=trixie"}],"aliases":["CVE-2014-7170"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wctw-qqds-f7en"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@7.9.5-2%252Bdeb12u1%3Fdistro=trixie"}