CVE-2013-3567

NONECVSS 0.0

0.0

Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.

🔗 References (16)

cve@mitrehttp://lists.opensuse.org/opensuse-security-announce/2013-08/msg00002.html
cve@mitrehttp://lists.opensuse.org/opensuse-security-announce/2013-08/msg00019.html
cve@mitrehttp://rhn.redhat.com/errata/RHSA-2013-1283.html
cve@mitrehttp://rhn.redhat.com/errata/RHSA-2013-1284.html
cve@mitrehttp://secunia.com/advisories/54429
cve@mitrehttp://www.debian.org/security/2013/dsa-2715
cve@mitrehttp://www.ubuntu.com/usn/USN-1886-1
cve@mitrehttps://puppetlabs.com/security/cve/cve-2013-3567/
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00002.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00019.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-1283.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-1284.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/54429
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2013/dsa-2715
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1886-1

Is Your Infrastructure Affected by CVE-2013-3567?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2013-3567

📅 Published

🔄 Last Modified

🔗 References (16)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2013-3567?