Количество 8
Количество 8
CVE-2017-2295
Versions of Puppet prior to 4.10.1 will deserialize data off the wire (from the agent to the server, in this case) with a attacker-specified format. This could be used to force YAML deserialization in an unsafe manner, which would lead to remote code execution. This change constrains the format of data on the wire to PSON or safely decoded YAML.
CVE-2017-2295
Versions of Puppet prior to 4.10.1 will deserialize data off the wire (from the agent to the server, in this case) with a attacker-specified format. This could be used to force YAML deserialization in an unsafe manner, which would lead to remote code execution. This change constrains the format of data on the wire to PSON or safely decoded YAML.
CVE-2017-2295
Versions of Puppet prior to 4.10.1 will deserialize data off the wire (from the agent to the server, in this case) with a attacker-specified format. This could be used to force YAML deserialization in an unsafe manner, which would lead to remote code execution. This change constrains the format of data on the wire to PSON or safely decoded YAML.
CVE-2017-2295
Versions of Puppet prior to 4.10.1 will deserialize data off the wire ...
openSUSE-SU-2017:1948-1
Security update for rubygem-puppet
SUSE-SU-2018:0600-1
Security update for puppet
SUSE-SU-2017:2113-1
Security update for puppet
GHSA-988w-9qqw-43hr
Versions of Puppet prior to 4.10.1 will deserialize data off the wire (from the agent to the server, in this case) with a attacker-specified format. This could be used to force YAML deserialization in an unsafe manner, which would lead to remote code execution. This change constrains the format of data on the wire to PSON or safely decoded YAML.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2017-2295 Versions of Puppet prior to 4.10.1 will deserialize data off the wire (from the agent to the server, in this case) with a attacker-specified format. This could be used to force YAML deserialization in an unsafe manner, which would lead to remote code execution. This change constrains the format of data on the wire to PSON or safely decoded YAML. | CVSS3: 8.2 | 2% Низкий | больше 8 лет назад |
 | CVE-2017-2295 Versions of Puppet prior to 4.10.1 will deserialize data off the wire (from the agent to the server, in this case) with a attacker-specified format. This could be used to force YAML deserialization in an unsafe manner, which would lead to remote code execution. This change constrains the format of data on the wire to PSON or safely decoded YAML. | CVSS3: 8.1 | 2% Низкий | больше 8 лет назад |
 | CVE-2017-2295 Versions of Puppet prior to 4.10.1 will deserialize data off the wire (from the agent to the server, in this case) with a attacker-specified format. This could be used to force YAML deserialization in an unsafe manner, which would lead to remote code execution. This change constrains the format of data on the wire to PSON or safely decoded YAML. | CVSS3: 8.2 | 2% Низкий | больше 8 лет назад |
| CVE-2017-2295 Versions of Puppet prior to 4.10.1 will deserialize data off the wire ... | CVSS3: 8.2 | 2% Низкий | больше 8 лет назад |
 | openSUSE-SU-2017:1948-1 Security update for rubygem-puppet | 2% Низкий | больше 8 лет назад | |
| SUSE-SU-2018:0600-1 Security update for puppet | 2% Низкий | почти 8 лет назад | |
| SUSE-SU-2017:2113-1 Security update for puppet | 2% Низкий | больше 8 лет назад | |
| GHSA-988w-9qqw-43hr Versions of Puppet prior to 4.10.1 will deserialize data off the wire (from the agent to the server, in this case) with a attacker-specified format. This could be used to force YAML deserialization in an unsafe manner, which would lead to remote code execution. This change constrains the format of data on the wire to PSON or safely decoded YAML. | CVSS3: 8.2 | 2% Низкий | больше 3 лет назад |
Уязвимостей на страницу