Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-9xqa-yun5-63bf
Vulnerability ID VCID-9xqa-yun5-63bf
Aliases CVE-2012-1988
GHSA-6xxq-j39w-g3f6
Summary Multiple vulnerabilities have been found in Puppet, the worst of which could lead to execution of arbitrary code.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
generic_textual MODERATE http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html
generic_textual MODERATE http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html
generic_textual MODERATE http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html
generic_textual MODERATE http://projects.puppetlabs.com/issues/13518
generic_textual MODERATE http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
generic_textual MODERATE http://puppetlabs.com/security/cve/cve-2012-1988
epss 0.00492 https://api.first.org/data/v1/epss?cve=CVE-2012-1988
epss 0.00492 https://api.first.org/data/v1/epss?cve=CVE-2012-1988
epss 0.00492 https://api.first.org/data/v1/epss?cve=CVE-2012-1988
epss 0.00492 https://api.first.org/data/v1/epss?cve=CVE-2012-1988
generic_textual MODERATE https://exchange.xforce.ibmcloud.com/vulnerabilities/74796
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-6xxq-j39w-g3f6
generic_textual MODERATE https://github.com/puppetlabs/puppet
generic_textual MODERATE https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc
generic_textual MODERATE https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14
generic_textual MODERATE https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1988.yml
generic_textual MODERATE https://hermes.opensuse.org/messages/14523305
generic_textual MODERATE https://hermes.opensuse.org/messages/15087408
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2012-1988
generic_textual MODERATE https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975
generic_textual MODERATE https://web.archive.org/web/20120513213112/http://projects.puppetlabs.com/issues/13518
generic_textual MODERATE https://web.archive.org/web/20120816020421/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
generic_textual MODERATE https://web.archive.org/web/20121013181707/http://puppetlabs.com/security/cve/cve-2012-1988
generic_textual MODERATE https://web.archive.org/web/20121025112409/http://secunia.com/advisories/48789
generic_textual MODERATE https://web.archive.org/web/20121025113446/http://secunia.com/advisories/48748
generic_textual MODERATE https://web.archive.org/web/20121025194830/http://secunia.com/advisories/49136
generic_textual MODERATE https://web.archive.org/web/20121025194938/http://secunia.com/advisories/48743
generic_textual MODERATE https://web.archive.org/web/20121031092646/http://www.securityfocus.com/bid/52975
generic_textual MODERATE http://ubuntu.com/usn/usn-1419-1
generic_textual MODERATE http://www.debian.org/security/2012/dsa-2451
Reference id Reference type URL
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html
http://projects.puppetlabs.com/issues/13518
http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
http://puppetlabs.com/security/cve/cve-2012-1988
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1988.json
https://api.first.org/data/v1/epss?cve=CVE-2012-1988
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1988
https://exchange.xforce.ibmcloud.com/vulnerabilities/74796
https://github.com/advisories/GHSA-6xxq-j39w-g3f6
https://github.com/puppetlabs/puppet
https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc
https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1988.yml
https://hermes.opensuse.org/messages/14523305
https://hermes.opensuse.org/messages/15087408
https://nvd.nist.gov/vuln/detail/CVE-2012-1988
https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975
https://web.archive.org/web/20120513213112/http://projects.puppetlabs.com/issues/13518
https://web.archive.org/web/20120816020421/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
https://web.archive.org/web/20121013181707/http://puppetlabs.com/security/cve/cve-2012-1988
https://web.archive.org/web/20121025112409/http://secunia.com/advisories/48789
https://web.archive.org/web/20121025113446/http://secunia.com/advisories/48748
https://web.archive.org/web/20121025194830/http://secunia.com/advisories/49136
https://web.archive.org/web/20121025194938/http://secunia.com/advisories/48743
https://web.archive.org/web/20121031092646/http://www.securityfocus.com/bid/52975
http://ubuntu.com/usn/usn-1419-1
http://www.debian.org/security/2012/dsa-2451
810071 https://bugzilla.redhat.com/show_bug.cgi?id=810071
CVE-2012-1988 http://puppetlabs.com/security/cve/cve-2012-1988/
CVE-2012-1988 https://web.archive.org/web/20121013181707/http://puppetlabs.com/security/cve/cve-2012-1988/
GLSA-201208-02 https://security.gentoo.org/glsa/201208-02
RHSA-2012:1542 https://access.redhat.com/errata/RHSA-2012:1542
USN-1419-1 https://usn.ubuntu.com/1419-1/
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.66106
EPSS Score 0.00492
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T17:54:59.798622+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/201208-02 38.6.0