{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6938?format=json","vulnerability_id":"VCID-e8jr-zut7-17b6","summary":"This package is vulnerable to Arbitrary Code Execution. The current directory '.' is on the load path for Ruby. If users create Ruby source files with names that correspond to those that hiera tries to load, these files may be loaded and executed.","aliases":[{"alias":"GMS-2014-5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20659?format=json","purl":"pkg:gem/hiera@1.3.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/hiera@1.3.4"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/134717?format=json","purl":"pkg:gem/hiera@0.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-e8jr-zut7-17b6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/hiera@0.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/134718?format=json","purl":"pkg:gem/hiera@0.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-e8jr-zut7-17b6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/hiera@0.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/134719?format=json","purl":"pkg:gem/hiera@0.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-e8jr-zut7-17b6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/hiera@0.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/134720?format=json","purl":"pkg:gem/hiera@0.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-e8jr-zut7-17b6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/hiera@0.3.0"},{"url":"http://public2.vul
nerablecode.io/api/packages/134721?format=json","purl":"pkg:gem/hiera@1.0.0rc4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-e8jr-zut7-17b6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/hiera@1.0.0rc4"},{"url":"http://public2.vulnerablecode.io/api/packages/134722?format=json","purl":"pkg:gem/hiera@1.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-e8jr-zut7-17b6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/hiera@1.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/134723?format=json","purl":"pkg:gem/hiera@1.1.0.rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-e8jr-zut7-17b6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/hiera@1.1.0.rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/134724?format=json","purl":"pkg:gem/hiera@1.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-e8jr-zut7-17b6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/hiera@1.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/134725?format=json","purl":"pkg:gem/hiera@1.1.1.rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-e8jr-zut7-17b6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/hiera@1.1.1.rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/134726?format=json","purl":"pkg:gem/hiera@1.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-e8jr-zut7-17b6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/hiera@1.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/134727?format=json","purl":"pkg:gem/hiera@1.1.2.rc1","
is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-e8jr-zut7-17b6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/hiera@1.1.2.rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/134728?format=json","purl":"pkg:gem/hiera@1.1.2.rc2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-e8jr-zut7-17b6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/hiera@1.1.2.rc2"},{"url":"http://public2.vulnerablecode.io/api/packages/134729?format=json","purl":"pkg:gem/hiera@1.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-e8jr-zut7-17b6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/hiera@1.1.2"},{"url":"http://public2.vulnerablecode.io/api/packages/134730?format=json","purl":"pkg:gem/hiera@1.2.0.rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-e8jr-zut7-17b6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/hiera@1.2.0.rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/134731?format=json","purl":"pkg:gem/hiera@1.2.0.rc2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-e8jr-zut7-17b6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/hiera@1.2.0.rc2"},{"url":"http://public2.vulnerablecode.io/api/packages/134732?format=json","purl":"pkg:gem/hiera@1.2.0.rc3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-e8jr-zut7-17b6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/hiera@1.2.0.rc3"},{"url":"http://public2.vulnerablecode.io/api/packages/134733?format=json","purl":"pkg:gem/hiera@1.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":
"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-e8jr-zut7-17b6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/hiera@1.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/134734?format=json","purl":"pkg:gem/hiera@1.2.1.rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-e8jr-zut7-17b6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/hiera@1.2.1.rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/134735?format=json","purl":"pkg:gem/hiera@1.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-e8jr-zut7-17b6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/hiera@1.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/134736?format=json","purl":"pkg:gem/hiera@1.3.0.rc2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-e8jr-zut7-17b6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/hiera@1.3.0.rc2"},{"url":"http://public2.vulnerablecode.io/api/packages/134737?format=json","purl":"pkg:gem/hiera@1.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-e8jr-zut7-17b6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/hiera@1.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/134738?format=json","purl":"pkg:gem/hiera@1.3.1.rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-e8jr-zut7-17b6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/hiera@1.3.1.rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/134739?format=json","purl":"pkg:gem/hiera@1.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-e8jr-zut7-17b6"}],"resource_url":"
http://public2.vulnerablecode.io/packages/pkg:gem/hiera@1.3.1"},{"url":"http://public2.vulnerablecode.io/api/packages/134740?format=json","purl":"pkg:gem/hiera@1.3.2.rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-e8jr-zut7-17b6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/hiera@1.3.2.rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/134741?format=json","purl":"pkg:gem/hiera@1.3.2.rc2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-e8jr-zut7-17b6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/hiera@1.3.2.rc2"},{"url":"http://public2.vulnerablecode.io/api/packages/134742?format=json","purl":"pkg:gem/hiera@1.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-e8jr-zut7-17b6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/hiera@1.3.2"}],"references":[{"reference_url":"https://github.com/puppetlabs/hiera/commit/5b71548ca9ea9ced460b2970c3e8fb483b495806","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/puppetlabs/hiera/commit/5b71548ca9ea9ced460b2970c3e8fb483b495806"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":null,"exploitability":"0.5","weighted_severity":"0.0","risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e8jr-zut7-17b6"}