VulnerableCode Vulnerability Details

Search for vulnerabilities

System	Score	Found at
generic_textual	MODERATE	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html
generic_textual	MODERATE	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html
generic_textual	MODERATE	http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html
generic_textual	MODERATE	http://projects.puppetlabs.com/issues/13518
generic_textual	MODERATE	http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
generic_textual	MODERATE	http://puppetlabs.com/security/cve/cve-2012-1988
epss	0.00492	https://api.first.org/data/v1/epss?cve=CVE-2012-1988
generic_textual	MODERATE	https://exchange.xforce.ibmcloud.com/vulnerabilities/74796
generic_textual	MODERATE	https://github.com/puppetlabs/puppet
generic_textual	MODERATE	https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc
generic_textual	MODERATE	https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14
generic_textual	MODERATE	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1988.yml
generic_textual	MODERATE	https://hermes.opensuse.org/messages/14523305
generic_textual	MODERATE	https://hermes.opensuse.org/messages/15087408
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2012-1988
generic_textual	MODERATE	https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975
generic_textual	MODERATE	https://web.archive.org/web/20120513213112/http://projects.puppetlabs.com/issues/13518
generic_textual	MODERATE	https://web.archive.org/web/20120816020421/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
generic_textual	MODERATE	https://web.archive.org/web/20121013181707/http://puppetlabs.com/security/cve/cve-2012-1988
generic_textual	MODERATE	https://web.archive.org/web/20121025112409/http://secunia.com/advisories/48789
generic_textual	MODERATE	https://web.archive.org/web/20121025113446/http://secunia.com/advisories/48748
generic_textual	MODERATE	https://web.archive.org/web/20121025194830/http://secunia.com/advisories/49136
generic_textual	MODERATE	https://web.archive.org/web/20121025194938/http://secunia.com/advisories/48743
generic_textual	MODERATE	https://web.archive.org/web/20121031092646/http://www.securityfocus.com/bid/52975
generic_textual	MODERATE	http://ubuntu.com/usn/usn-1419-1
generic_textual	MODERATE	http://www.debian.org/security/2012/dsa-2451

System

Score

Found at

generic_textual

MODERATE

http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html

generic_textual

MODERATE

http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html

generic_textual

MODERATE

http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html

generic_textual

MODERATE

http://projects.puppetlabs.com/issues/13518

generic_textual

MODERATE

http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15

generic_textual

MODERATE

http://puppetlabs.com/security/cve/cve-2012-1988

epss

0.00492

https://api.first.org/data/v1/epss?cve=CVE-2012-1988

generic_textual

MODERATE

https://exchange.xforce.ibmcloud.com/vulnerabilities/74796

generic_textual

MODERATE

https://github.com/puppetlabs/puppet

generic_textual

MODERATE

https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc

generic_textual

MODERATE

https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14

generic_textual

MODERATE

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1988.yml

generic_textual

MODERATE

https://hermes.opensuse.org/messages/14523305

generic_textual

MODERATE

https://hermes.opensuse.org/messages/15087408

generic_textual

MODERATE

https://nvd.nist.gov/vuln/detail/CVE-2012-1988

generic_textual

MODERATE

https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975

generic_textual

MODERATE

https://web.archive.org/web/20120513213112/http://projects.puppetlabs.com/issues/13518

generic_textual

MODERATE

https://web.archive.org/web/20120816020421/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15

generic_textual

MODERATE

https://web.archive.org/web/20121013181707/http://puppetlabs.com/security/cve/cve-2012-1988

generic_textual

MODERATE

https://web.archive.org/web/20121025112409/http://secunia.com/advisories/48789

generic_textual

MODERATE

https://web.archive.org/web/20121025113446/http://secunia.com/advisories/48748

generic_textual

MODERATE

https://web.archive.org/web/20121025194830/http://secunia.com/advisories/49136

generic_textual

MODERATE

https://web.archive.org/web/20121025194938/http://secunia.com/advisories/48743

generic_textual

MODERATE

https://web.archive.org/web/20121031092646/http://www.securityfocus.com/bid/52975

generic_textual

MODERATE

http://ubuntu.com/usn/usn-1419-1

generic_textual

MODERATE

http://www.debian.org/security/2012/dsa-2451

Reference id

Reference type

URL

http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html

http://projects.puppetlabs.com/issues/13518

http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15

http://puppetlabs.com/security/cve/cve-2012-1988

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1988.json

https://api.first.org/data/v1/epss?cve=CVE-2012-1988

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1988

https://exchange.xforce.ibmcloud.com/vulnerabilities/74796

https://github.com/advisories/GHSA-6xxq-j39w-g3f6

https://github.com/puppetlabs/puppet

https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc

https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1988.yml

https://hermes.opensuse.org/messages/14523305

https://hermes.opensuse.org/messages/15087408

https://nvd.nist.gov/vuln/detail/CVE-2012-1988

https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975

https://web.archive.org/web/20120513213112/http://projects.puppetlabs.com/issues/13518

https://web.archive.org/web/20120816020421/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15

https://web.archive.org/web/20121013181707/http://puppetlabs.com/security/cve/cve-2012-1988

https://web.archive.org/web/20121025112409/http://secunia.com/advisories/48789

https://web.archive.org/web/20121025113446/http://secunia.com/advisories/48748

https://web.archive.org/web/20121025194830/http://secunia.com/advisories/49136

https://web.archive.org/web/20121025194938/http://secunia.com/advisories/48743

https://web.archive.org/web/20121031092646/http://www.securityfocus.com/bid/52975

http://ubuntu.com/usn/usn-1419-1

http://www.debian.org/security/2012/dsa-2451

810071

https://bugzilla.redhat.com/show_bug.cgi?id=810071

CVE-2012-1988

https://web.archive.org/web/20121013181707/http://puppetlabs.com/security/cve/cve-2012-1988/

GLSA-201208-02

https://security.gentoo.org/glsa/201208-02

RHSA-2012:1542

https://access.redhat.com/errata/RHSA-2012:1542

USN-1419-1

https://usn.ubuntu.com/1419-1/

Date	Actor	Action	Source	VulnerableCode Version
2026-05-29T09:33:07.862279+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6xxq-j39w-g3f6/GHSA-6xxq-j39w-g3f6.json	38.6.0

2026-05-29T09:33:07.862279+00:00

GithubOSV Importer

Import

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6xxq-j39w-g3f6/GHSA-6xxq-j39w-g3f6.json

38.6.0

Vulnerability ID	VCID-ttwu-tjgf-7yd3
Aliases	CVE-2012-1988 GHSA-6xxq-j39w-g3f6
Summary	Puppet Arbitrary Command Execution Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by creating a file whose full pathname contains shell metacharacters, then performing a filebucket request.
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

CWE-77	Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-78	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

Percentile	0.65938
EPSS Score	0.00492
Published At	May 29, 2026, 12:55 p.m.