VYPR
Low severityNVD Advisory· Published May 29, 2012· Updated Jun 16, 2026

CVE-2012-1987

CVE-2012-1987

Description

Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream that triggers a thread block, as demonstrated using CVE-2012-1986 and /dev/random; or (2) cause a denial of service (filesystem consumption) via crafted REST requests that use "a marshaled form of a Puppet::FileBucket::File object" to write to arbitrary file locations.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
puppetRubyGems
>= 2.6.0, < 2.6.152.6.15
puppetRubyGems
>= 2.7.0, < 2.7.132.7.13

Affected products

1

Patches

Vulnerability mechanics

References

29

News mentions

0

No linked articles in our index yet.