Novell : Security Vulnerabilities, CVEs, Published In August 2013 (Code Execution)
Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.
Max CVSS
7.5
EPSS Score
20.86%
Published
2013-08-19
Updated
2019-07-10
1 vulnerabilities found