CVE-2013-4957

Опубликовано: 25 окт. 2013

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

The dashboard report in Puppet Enterprise before 3.0.1 allows attackers to execute arbitrary YAML code via a crafted report-specific type.

Конфигурация 1

Одно из

cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*

Версия до 3.0.0 (включая)

cpe:2.3:a:puppet:puppet_enterprise:2.5.1:*:*:*:*:*:*:*

cpe:2.3:a:puppet:puppet_enterprise:2.5.2:*:*:*:*:*:*:*

cpe:2.3:a:puppet:puppet_enterprise:2.8.0:*:*:*:*:*:*:*

cpe:2.3:a:puppet:puppet_enterprise:2.8.1:*:*:*:*:*:*:*

cpe:2.3:a:puppet:puppet_enterprise:2.8.2:*:*:*:*:*:*:*

cpe:2.3:a:puppet:puppet_enterprise:2.8.3:*:*:*:*:*:*:*

EPSS

Процентиль: 62%

0.00429

Низкий

6.8 Medium

CVSS2

CWE-94

CVE-2013-4957

ubuntu

больше 12 лет назад

The dashboard report in Puppet Enterprise before 3.0.1 allows attackers to execute arbitrary YAML code via a crafted report-specific type.

GHSA-63rf-cwpf-vw2p

github

больше 3 лет назад

The dashboard report in Puppet Enterprise before 3.0.1 allows attackers to execute arbitrary YAML code via a crafted report-specific type.

EPSS

Процентиль: 62%

0.00429

Низкий

6.8 Medium

CVSS2

CWE-94