Описание
Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 3.2.2-1 |
| lucid | ignored | end of life |
| precise | released | 2.7.11-1ubuntu2.3 |
| quantal | released | 2.7.18-1ubuntu1.2 |
| raring | released | 2.7.18-4ubuntu1.1 |
| upstream | released | 2.7.22,3.2.2 |
Показывать по
EPSS
7.5 High
CVSS2
Связанные уязвимости
Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.
Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.
Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterpri ...
EPSS
7.5 High
CVSS2