Unrated severityNVD Advisory· Published Mar 20, 2013· Updated Apr 29, 2026
CVE-2013-1640
CVE-2013-1640
Description
The (1) template and (2) inline_template functions in the master server in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users to execute arbitrary code via a crafted catalog request.
Affected products
8cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*range: <2.6.18
- cpe:2.3:a:puppet:puppet:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*range: <1.2.7
- cpe:2.3:a:puppet:puppet_enterprise:2.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2.7.1:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.htmlnvdThird Party Advisory
- lists.opensuse.org/opensuse-updates/2013-04/msg00056.htmlnvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2013-0710.htmlnvdThird Party Advisory
- secunia.com/advisories/52596nvdThird Party Advisory
- ubuntu.com/usn/usn-1759-1nvdThird Party Advisory
- www.debian.org/security/2013/dsa-2643nvdThird Party Advisory
- puppetlabs.com/security/cve/cve-2013-1640/nvdVendor Advisory
News mentions
0No linked articles in our index yet.