CVE-2013-3567 (retired)

Priority
Description
Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise
before 2.8.2, deserializes untrusted YAML, which allows remote attackers to
instantiate arbitrary Ruby classes and execute arbitrary code via a crafted
REST API call.
Assigned-to
mdeslaur
Notes
Package
Upstream:released (2.7.22,3.2.2)
More Information

Updated: 2019-10-09 07:48:01 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)