Home

CVE-2013-1655

Description

Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to serialized attributes.

Risk Information

Base Score
9.8
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.634

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2013-1655 are fixed in Ruby-puppet 3.1.1Windows
Vulnerabilities CVE-2013-1655 are fixed in Ruby-puppet 2.7.21Windows
Vulnerabilities CVE-2013-1655 are fixed in Ruby-puppet for Linux 3.1.1Linux
Vulnerabilities CVE-2013-1655 are fixed in Ruby-puppet for Linux 2.7.21Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234