-
-
Notifications
You must be signed in to change notification settings - Fork 221
/
CVE-2013-1655.yml
28 lines (28 loc) · 1.15 KB
/
CVE-2013-1655.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
---
gem: puppet
cve: 2013-1655
ghsa: 574q-fxfj-wv6h
url: https://www.puppet.com/security/cve/cve-2013-1655-unauthenticated-remote-code-execution-vulnerability
title: Unauthenticated Remote Code Execution Vulnerability
date: 2017-10-24
description: |
Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running
Ruby 1.9.3 or later, allows remote attackers to execute arbitrary
code via vectors related to "serialized attributes."
cvss_v2: 7.5
unaffected_versions:
- "< 2.7.0"
patched_versions:
- "~> 2.7.21"
- ">= 3.1.1"
related:
url:
- https://nvd.nist.gov/vuln/detail/CVE-2013-1655
- https://www.puppet.com/security/cve/cve-2013-1655-unauthenticated-remote-code-execution-vulnerability
- https://github.com/advisories/GHSA-574q-fxfj-wv6h
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html
- http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html
- http://ubuntu.com/usn/usn-1759-1
- http://www.debian.org/security/2013/dsa-2643
- https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2013-1655
- https://web.archive.org/web/20210509162357/https://www.securityfocus.com/bid/46291