CVE-2013-1655
published 2013-03-20CVE-2013-1655: Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to…
high7.5CVSS 3.1
AVNACLAuNCPIPAP
Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to "serialized attributes."
Affected
25 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | puppet | < puppet 2.7.18-3 (bullseye) | puppet 2.7.18-3 (bullseye) |
| puppet | puppet | — | — |
| puppet | puppet | — | — |
| puppet | puppet | — | — |
| puppet | puppet | — | — |
| puppet | puppet | — | — |
| puppet | puppet | — | — |
| puppet | puppet | — | — |
| puppet | puppet | — | — |
| puppet | puppet | — | — |
| puppet | puppet | — | — |
| puppet | puppet | — | — |
| puppet | puppet | — | — |
| puppet | puppet | — | — |
| puppet | puppet | — | — |
| puppet | puppet | — | — |
| puppet | puppet | — | — |
| puppet | puppet | >= 0 < 2.7.18-3 | 2.7.18-3 |
| puppet | puppet | >= 2.7.0 < 2.7.21 | 2.7.21 |
| puppet | puppet | >= 3.1.0 < 3.1.1 | 3.1.1 |
| puppet | puppet_enterprise | — | — |
| puppetlabs | puppet | — | — |
| puppetlabs | puppet | — | — |
| puppetlabs | puppet | — | — |
| puppetlabs | puppet | — | — |
CVSS provenance
nvd7.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv7.5HIGH