Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
rubygems puppet Security Advisories
Loading...
Moderate
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
GSA_kwCzR0hTQS1tcG14LWdtNXYtcTc4Oc4AATVg
Puppet uses predictable filenames, allowing arbitrary file overwriteEcosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
GSA_kwCzR0hTQS05cHZ4LWZ3d2gtdzI4Oc4AATVb
Puppet does not properly restrict access to node resourcesEcosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
GSA_kwCzR0hTQS04YzU2LXYyNXctZjg5Y84AATVI
Puppet arbitrary file overwriteEcosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
GSA_kwCzR0hTQS1xaDNnLTI3amYtM2o1NM4AATVQ
Puppet allows local users to modify the permissions of arbitrary filesEcosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
GSA_kwCzR0hTQS12NTh3LTZ4YzItdzc5Oc4AATUx
Puppet Denial of Service and Arbitrary File WriteEcosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
GSA_kwCzR0hTQS02eHhxLWozOXctZzNmNs4AATUt
Puppet Arbitrary Command ExecutionEcosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
GSA_kwCzR0hTQS1jNG1jLTQ5aHEtcTI3Nc4AATUu
Puppet uses predictable filenames, allowing arbitrary file overwriteEcosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
GSA_kwCzR0hTQS03N2hnLWc4Y2MtNXIzN84AATUv
Puppet Privilege EscallationEcosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 22.5
Published: about 2 years ago
GSA_kwCzR0hTQS12dzIyLTQ2NXAtOGo1d84AAR7S
Tarball permission preservation in puppetEcosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 22.5
Published: about 2 years ago
Critical
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 40.1
Published: about 2 years ago
GSA_kwCzR0hTQS1wcWo1LTdyODYtNjRmds3svQ
Puppet Improper Access ControlEcosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 40.1
Published: about 2 years ago
Low
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
GSA_kwCzR0hTQS12cmg3LTk5amgtM2Ztbc3StQ
Puppet arbitrary files overwrite via a symlink attackEcosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 26.6
Published: over 2 years ago
GSA_kwCzR0hTQS1xNGc3LWpyeHYtNjdyOc0XeQ
Silent Configuration Failure in Puppet AgentEcosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 26.6
Published: over 2 years ago
Moderate
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 26.6
Published: over 2 years ago
GSA_kwCzR0hTQS05M2o1LWc4NDUtOXdxcM0XhQ
Unsafe HTTP Redirect in Puppet Agent and Puppet ServerEcosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 26.6
Published: over 2 years ago
Moderate
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 26.6
Published: over 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdxdmYtODkyci12am01
Improper Certificate Validation in PuppetEcosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 26.6
Published: over 3 years ago
Low
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 7 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ4ZjYtdzltcC05NWht
Puppet supports use of IP addresses in certnames without warning of potential risksEcosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 7 years ago
Low
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 7 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM1cXEtZzY3My01cDQ5
Puppet allows local users to overwrite arbitrary files via a symlink attackEcosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 7 years ago
Low
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 7 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThqeGotOXI1Zi13M20y
Puppet allows local users to obtain sensitive configuration informationEcosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 7 years ago
Low
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 7 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc4OW0tM3dqdy1oODU3
Puppet vulnerable to Path TraversalEcosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 7 years ago
High
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 7 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY3cDUtdzJjci03Y3A3
Puppet Improper Input Validation vulnerabilityEcosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 7 years ago
High
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 7 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU3NHEtZnhmai13djZo
Puppet Improper Input Validation vulnerabilityEcosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 7 years ago
Moderate
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 7 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNqNDMtOWgzdy12OTc2
Puppet allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type serviceEcosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 7 years ago
Moderate
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 7 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE0NHItZjJobS12NzZ2
Pupper does not properly restrict characters in Common Name field of Certificate Signing RequestEcosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 7 years ago
Moderate
Ecosystems: rubygems
Packages: mcollective-client, puppet, hiera, facter
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 7 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTkydjctcHE0aC01OGo1
facter, hiera, mcollective-client, and puppet affected by untrusted search path vulnerabilityEcosystems: rubygems
Packages: mcollective-client, puppet, hiera, facter
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 7 years ago
Statistics
Advisories: 19,584
Packages: 8,642
Repositories: 2
Ecosystems: 12
Packages: 8,642
Repositories: 2
Ecosystems: 12
Filter by Severity
Filter by Ecosystem
Filter by Package
actionpack
58
nokogiri
43
rubygems-update
25
rack
23
puppet
23
activerecord
21
publify_core
14
activesupport
14
passenger
13
actionview
12
rails
11
puma
11
fat_free_crm
10
jquery-rails
9
decidim
9
rails-html-sanitizer
9
jquery
8
org.webjars.npm:jquery
8
org.jruby:jruby-stdlib
7
jQuery
7
jQuery.UI.Combined
7
jquery-ui
7
jquery-ui-rails
7
org.webjars.npm:jquery-ui
7
camaleon_cms
6
katello
6
doorkeeper
6
ember-source
6
loofah
6
spree_auth_devise
5
bundler
5
spree
5
sidekiq
5
commonmarker
5
grpc
4
grpcio
4
rails_admin
4
avo
4
devise
4
carrierwave
4
mail
4
sanitize
4
webrick
4
sinatra
4
dragonfly
4
fluentd
4
activestorage
4
yard
3
cgi
3
resque
3
bootstrap
3
gollum
3
omniauth
3
rest-client
3
geminabox
3
bootstrap
3
private_address_check
3
rexml
3
chartkick
3
rubyzip
3
io.grpc:grpc-protobuf
3
rdoc
3
rack-cors
3
phlex
3
json-jwt
3
decidim-core
3
activeadmin
3
git
3
openssl
3
ruby-saml
3
faye
2
twitter-bootstrap-rails
2
logstash-core
2
redcarpet
2
json
2
uri
2
httparty
2
VladTheEnterprising
2
omniauth-facebook
2
ox
2
echor
2
mini_magick
2
facter
2
yajl-ruby
2
git-fastclone
2
net-ldap
2
spina
2
bson
2
paperclip
2
kaminari
2
user_agent_parser
2
pghero
2
devise-two-factor
2
solidus_frontend
2
secure_headers
2
pdfkit
2
cocoapods-downloader
2
radiant
2
field_test
2
qiita-markdown
2
kramdown
2
decidim-templates
2
sprockets
2
mechanize
2
pyarrow
2
safemode
2
red-arrow
2
mapbox.js
2
i18n
2
google-protobuf
2
com.google.protobuf:protobuf-kotlin
2
administrate
2
sup
2
pageflow
2
mapbox-rails
2
com.google.protobuf:protobuf-java
2
bootstrap-sass
2
decidim-admin
2
view_component
2
ruby-openid
2
solidus_core
2
actiontext
2
paratrooper-newrelic
1
octopoller
1
jmespath
1
trilogy
1
date
1
github.com/github/hub
1
hub
1
sentry-raven
1
websocket-extensions
1
ruby_parser
1
railties
1
foreman_ansible
1
gitlab-grit
1
geokit-rails
1
multi_xml
1
keynote
1
padrino-contrib
1
bolt
1
omniauth-microsoft_graph
1
lynx
1
rubocop
1
ruby-mysql
1
kafo
1
hammer_cli_foreman
1
jruby-openssl
1
redcloth
1
em-http-request
1
command_wrap
1
gtk2
1
rotp
1
@turbo-boost/commands
1
activejob
1
personnummer
1
turbo_boost-commands
1
kcapifony
1
brbackup
1
discordrb
1
rmagick
1
diffy
1
recurly
1
solidus_backend
1
md2pdf
1
sounder
1
ldap_fluff
1
resque-scheduler
1
xapian-core
1
mixlib-archive
1
rswag
1
pdf_info
1
inline_svg
1
foreman_fog_proxmox
1
message_bus
1
shrine
1
papercrop
1
omniauth-auth0
1
spree_api
1
omniauth-apple
1
asciidoctor
1
audited
1
govuk_tech_docs
1
oauth
1
clockwork_web
1
trestle-auth
1
point-cli
1
openshift-origin-node
1
decidim-system
1
lean-ruport
1
flash_tool
1
tweetstream
1
ftpd
1
twitter-stream
1
pysha3
1
better_errors
1
sha3
1
mongrel
1
unpoly-rails
1
cap-strap
1
ruby-jss
1
Filter by Repository