CVE-2013-1655

Published: 12 March 2013

Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to "serialized attributes."

Priority

Medium

Status

Package Release Status
puppet
Launchpad, Ubuntu, Debian
Upstream
Released (2.7.21, 3.1.1)