CVE-2013-1655
Puppet 2.7.0-2.7.20 and 3.1.0 - Remote Code Execution via Serialized Attributes
Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to "serialized attributes."
References (7)
Core References
http://www.securityfocus.com/bid/58442 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_bid)
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html (Mailing List; vendor-advisory; x_refsource_suse)
http://www.debian.org/security/2013/dsa-2643 (Third Party Advisory; vendor-advisory; x_refsource_debian)
http://secunia.com/advisories/52596 (Vendor Advisory; third-party-advisory; x_refsource_secunia)
https://puppetlabs.com/security/cve/cve-2013-1655/ (Vendor Advisory; x_refsource_confirm)
http://ubuntu.com/usn/usn-1759-1 (Various Sources; vendor-advisory; x_refsource_ubuntu)
http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html (Mailing List; vendor-advisory; x_refsource_suse)
Scores
EPSS: 0.0063
EPSS Percentile: 70.6%
Details
CWE: CWE-20
Status: published
Products (22)
puppet/puppet 2.7.2
puppet/puppet 2.7.3
puppet/puppet 2.7.4
puppet/puppet 2.7.5
puppet/puppet 2.7.6
puppet/puppet 2.7.7
puppet/puppet 2.7.8
puppet/puppet 2.7.9
puppet/puppet 2.7.10
puppet/puppet 2.7.11
... and 12 more
Published: Mar 20, 2013
Tracked Since: Feb 18, 2026