Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY3cDUtdzJjci03Y3A3

Puppet Improper Input Validation vulnerability

Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.

Permalink: https://github.com/advisories/GHSA-f7p5-w2cr-7cp7
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY3cDUtdzJjci03Y3A3
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 7 years ago
Updated: about 1 year ago


EPSS Percentage: 0.31863
EPSS Percentile: 0.97013

Identifiers: GHSA-f7p5-w2cr-7cp7, CVE-2013-3567
References: Blast Radius: 0.0

Affected Packages

rubygems:puppet
Dependent packages: 112
Dependent repositories: 12,289
Downloads: 27,006,591 total
Affected Version Ranges: >= 3.2.0, < 3.2.2, >= 2.7.0, < 2.7.22
Fixed in: 3.2.2, 2.7.22
All affected versions: 2.7.1, 2.7.3, 2.7.4, 2.7.5, 2.7.6, 2.7.8, 2.7.9, 2.7.11, 2.7.12, 2.7.13, 2.7.14, 2.7.16, 2.7.17, 2.7.18, 2.7.19, 2.7.20, 2.7.21, 3.2.1
All unaffected versions: 0.9.2, 0.13.0, 0.13.1, 0.13.2, 0.13.6, 0.16.0, 0.18.4, 0.22.4, 0.23.0, 0.23.1, 0.23.2, 0.24.0, 0.24.1, 0.24.2, 0.24.3, 0.24.4, 0.24.5, 0.24.6, 0.24.7, 0.24.8, 0.24.9, 0.25.0, 0.25.1, 0.25.2, 0.25.3, 0.25.4, 0.25.5, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 2.6.7, 2.6.8, 2.6.9, 2.6.10, 2.6.11, 2.6.12, 2.6.13, 2.6.14, 2.6.15, 2.6.16, 2.6.17, 2.6.18, 2.7.22, 2.7.23, 2.7.24, 2.7.25, 2.7.26, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 3.1.1, 3.2.2, 3.2.3, 3.2.4, 3.3.0, 3.3.1, 3.3.2, 3.4.0, 3.4.1, 3.4.2, 3.4.3, 3.5.1, 3.6.0, 3.6.1, 3.6.2, 3.7.0, 3.7.1, 3.7.2, 3.7.3, 3.7.4, 3.7.5, 3.8.1, 3.8.2, 3.8.3, 3.8.4, 3.8.5, 3.8.6, 3.8.7, 4.0.0, 4.1.0, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.3.0, 4.3.1, 4.3.2, 4.4.0, 4.4.1, 4.4.2, 4.5.0, 4.5.1, 4.5.2, 4.5.3, 4.6.1, 4.6.2, 4.7.0, 4.7.1, 4.8.0, 4.8.1, 4.8.2, 4.9.0, 4.9.1, 4.9.2, 4.9.3, 4.9.4, 4.10.0, 4.10.1, 4.10.4, 4.10.5, 4.10.6, 4.10.7, 4.10.8, 4.10.9, 4.10.10, 4.10.11, 4.10.12, 5.0.0, 5.0.1, 5.1.0, 5.2.0, 5.3.1, 5.3.2, 5.3.3, 5.3.4, 5.3.5, 5.3.6, 5.3.7, 5.4.0, 5.5.0, 5.5.1, 5.5.2, 5.5.3, 5.5.6, 5.5.7, 5.5.8, 5.5.10, 5.5.12, 5.5.13, 5.5.14, 5.5.16, 5.5.17, 5.5.18, 5.5.19, 5.5.20, 5.5.21, 5.5.22, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.1.0, 6.2.0, 6.3.0, 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.5.0, 6.6.0, 6.7.0, 6.7.2, 6.8.0, 6.8.1, 6.9.0, 6.10.0, 6.10.1, 6.11.0, 6.11.1, 6.12.0, 6.13.0, 6.14.0, 6.15.0, 6.16.0, 6.17.0, 6.18.0, 6.19.0, 6.19.1, 6.20.0, 6.21.0, 6.21.1, 6.22.1, 6.23.0, 6.24.0, 6.25.0, 6.25.1, 6.26.0, 6.27.0, 6.28.0, 6.29.0, 7.0.0, 7.1.0, 7.3.0, 7.4.0, 7.4.1, 7.5.0, 7.6.1, 7.7.0, 7.8.0, 7.9.0, 7.10.0, 7.11.0, 7.12.0, 7.12.1, 7.13.1, 7.14.0, 7.15.0, 7.16.0, 7.17.0, 7.18.0, 7.19.0, 7.20.0, 7.21.0, 7.22.0, 7.23.0, 7.24.0, 7.25.0, 7.26.0, 7.27.0, 7.28.0, 7.29.0, 7.29.1, 7.30.0, 7.31.0, 7.32.1, 7.33.0, 7.34.0, 8.0.0, 8.0.1, 8.1.0, 8.2.0, 8.3.0, 8.3.1, 8.4.0, 8.5.0, 8.5.1, 8.6.0, 8.7.0, 8.8.1, 8.9.0, 8.10.0