Moderate severityNVD Advisory· Published Oct 17, 2013· Updated Apr 29, 2026
CVE-2013-4287
CVE-2013-4287
Description
Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
rubygems-updateRubyGems | < 1.8.23.1 | 1.8.23.1 |
rubygems-updateRubyGems | >= 1.8.24, < 1.8.26 | 1.8.26 |
rubygems-updateRubyGems | >= 2.0.0, < 2.0.8 | 2.0.8 |
rubygems-updateRubyGems | >= 2.1.0.rc.1, < 2.1.0 | 2.1.0 |
Affected products
59cpe:2.3:a:rubygems:rubygems:*:*:*:*:*:*:*:*+ 35 more
- cpe:2.3:a:rubygems:rubygems:*:*:*:*:*:*:*:*range: <=1.8.23
- cpe:2.3:a:rubygems:rubygems:1.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.10:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.11:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.12:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.13:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.14:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.15:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.16:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.17:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.18:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.19:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.20:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.21:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.22:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.24:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.25:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.8:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.9:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:2.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:2.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:2.1.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:2.1.0:rc2:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*+ 21 more
- cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.3:p286:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.3:p383:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.3:p385:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.3:p392:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.3:p426:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.3:p429:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:2.0.0:p0:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:2.0.0:p195:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:2.0.0:p247:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:2.0.0:preview1:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:2.0.0:preview2:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
Patches
4b9baec03145aFix CVE-2013-4287, remove regexp backtracking
5 files changed · +48 −2
CVE-2013-4287.txt+36 −0 added@@ -0,0 +1,36 @@ += Algorithmic complexity vulnerability in RubyGems 2.0.7 and older + +RubyGems validates versions with a regular expression that is vulnerable to +denial of service due to a backtracking regular expression. For specially +crafted RubyGems versions attackers can cause denial of service through CPU +consumption. + +RubyGems versions 2.0.7 and older, 2.1.0.rc.1 and 2.1.0.rc.2 are vulnerable. + +Ruby versions 1.9.0 through 2.0.0p247 are vulnerable as they contain embedded +versions of RubyGems. + +It does not appear to be possible to exploit this vulnerability by installing a +gem for RubyGems 1.8.x or 2.0.x. Vulnerable uses of RubyGems API include +packaging a gem (through `gem build`, Gem::Package or Gem::PackageTask), +sending user input to Gem::Version.new, Gem::Version.correct? or use of the +Gem::Version::VERSION_PATTERN or Gem::Version::ANCHORED_VERSION_PATTERN +constants. + +Notably, users of bundler that install gems from git are vulnerable if a +malicious author changes the gemspec to an invalid version. + +The vulnerability can be fixed by changing the first grouping to an atomic +grouping in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb. For +RubyGems 2.0.x: + + - VERSION_PATTERN = '[0-9]+(\.[0-9a-zA-Z]+)*(-[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?' # :nodoc: + + VERSION_PATTERN = '[0-9]+(?>\.[0-9a-zA-Z]+)*(-[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?' # :nodoc: + +For RubyGems 1.8.x: + + - VERSION_PATTERN = '[0-9]+(\.[0-9a-zA-Z]+)*' # :nodoc: + + VERSION_PATTERN = '[0-9]+(?>\.[0-9a-zA-Z]+)*' # :nodoc: + +This vulnerability was discovered by Damir Sharipov <dammer2k@gmail.com> +
History.txt+7 −0 modified@@ -2,6 +2,13 @@ === 2.0.8 +Security fixes: + +* RubyGems 2.0.7 and earlier are vulnerable to excessive CPU usage due to a + backtracking in Gem::Version validation. See CVE-2013-4287 for full details + including vulnerable APIs. Fixed versions include 2.0.8, 1.8.26 and + 1.8.23.1 (for Ruby 1.9.3). Issue #626 by Damir Sharipov. + Bug fixes: * Fixed Gem.clear_paths when Security is defined at top-level. Pull request
lib/rubygems/version.rb+1 −1 modified@@ -147,7 +147,7 @@ class Gem::Version # FIX: These are only used once, in .correct?. Do they deserve to be # constants? - VERSION_PATTERN = '[0-9]+(\.[0-9a-zA-Z]+)*' # :nodoc: + VERSION_PATTERN = '[0-9]+(?>\.[0-9a-zA-Z]+)*' # :nodoc: ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})*\s*\z/ # :nodoc: ##
Manifest.txt+1 −0 modified@@ -1,5 +1,6 @@ .autotest .document +CVE-2013-4287.txt History.txt LICENSE.txt MIT.txt
Rakefile+3 −1 modified@@ -56,7 +56,9 @@ hoe = Hoe.spec 'rubygems-update' do extra_dev_deps << ['ZenTest', '~> 4.5'] extra_dev_deps << ['rake', '~> 0.9.3'] - self.extra_rdoc_files = Dir["*.rdoc"] + self.extra_rdoc_files = Dir["*.rdoc"] + %w[ + CVE-2013-4287.txt + ] spec_extras['rdoc_options'] = proc do |rdoc_options| rdoc_options << "--title=RubyGems Update Documentation"
b697536f2455Fix CVE-2013-4287, remove regexp backtracking
5 files changed · +50 −2
CVE-2013-4287.txt+36 −0 added@@ -0,0 +1,36 @@ += Algorithmic complexity vulnerability in RubyGems 2.0.7 and older + +RubyGems validates versions with a regular expression that is vulnerable to +denial of service due to a backtracking regular expression. For specially +crafted RubyGems versions attackers can cause denial of service through CPU +consumption. + +RubyGems versions 2.0.7 and older, 2.1.0.rc.1 and 2.1.0.rc.2 are vulnerable. + +Ruby versions 1.9.0 through 2.0.0p247 are vulnerable as they contain embedded +versions of RubyGems. + +It does not appear to be possible to exploit this vulnerability by installing a +gem for RubyGems 1.8.x or 2.0.x. Vulnerable uses of RubyGems API include +packaging a gem (through `gem build`, Gem::Package or Gem::PackageTask), +sending user input to Gem::Version.new, Gem::Version.correct? or use of the +Gem::Version::VERSION_PATTERN or Gem::Version::ANCHORED_VERSION_PATTERN +constants. + +Notably, users of bundler that install gems from git are vulnerable if a +malicious author changes the gemspec to an invalid version. + +The vulnerability can be fixed by changing the first grouping to an atomic +grouping in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb. For +RubyGems 2.0.x: + + - VERSION_PATTERN = '[0-9]+(\.[0-9a-zA-Z]+)*(-[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?' # :nodoc: + + VERSION_PATTERN = '[0-9]+(?>\.[0-9a-zA-Z]+)*(-[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?' # :nodoc: + +For RubyGems 1.8.x: + + - VERSION_PATTERN = '[0-9]+(\.[0-9a-zA-Z]+)*' # :nodoc: + + VERSION_PATTERN = '[0-9]+(?>\.[0-9a-zA-Z]+)*' # :nodoc: + +This vulnerability was discovered by Damir Sharipov <dammer2k@gmail.com> +
History.txt+9 −0 modified@@ -1,5 +1,14 @@ # coding: UTF-8 +=== 1.8.23.1 + +Security fixes: + +* RubyGems 2.0.7 and earlier are vulnerable to excessive CPU usage due to a + backtracking in Gem::Version validation. See CVE-2013-4287 for full details + including vulnerable APIs. Fixed versions include 2.0.8, 1.8.26 and + 1.8.23.1 (for Ruby 1.9.3). Issue #626 by Damir Sharipov. + === 1.8.23 / 2012-04-19 This release increases the security used when RubyGems is talking to
lib/rubygems/version.rb+1 −1 modified@@ -145,7 +145,7 @@ class Gem::Version include Comparable - VERSION_PATTERN = '[0-9]+(\.[0-9a-zA-Z]+)*' # :nodoc: + VERSION_PATTERN = '[0-9]+(?>\.[0-9a-zA-Z]+)*' # :nodoc: ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})*\s*\z/ # :nodoc: ##
Manifest.txt+1 −0 modified@@ -1,6 +1,7 @@ .autotest .document .travis.yml +CVE-2013-4287.txt History.txt LICENSE.txt MIT.txt
Rakefile+3 −1 modified@@ -50,7 +50,9 @@ hoe = Hoe.spec 'rubygems-update' do extra_dev_deps << ['rcov', '~> 0.9.0'] extra_dev_deps << ['ZenTest', '~> 4.5'] - self.extra_rdoc_files = Dir["*.rdoc"] + self.extra_rdoc_files = Dir["*.rdoc"] + %w[ + CVE-2013-4287.txt + ] spec_extras['rdoc_options'] = proc do |rdoc_options| rdoc_options << "--title=RubyGems #{self.version} Documentation"
ed733bc379d7Fix CVE-2013-4287, remove regexp backtracking
5 files changed · +48 −2
CVE-2013-4287.txt+36 −0 added@@ -0,0 +1,36 @@ += Algorithmic complexity vulnerability in RubyGems 2.0.7 and older + +RubyGems validates versions with a regular expression that is vulnerable to +denial of service due to a backtracking regular expression. For specially +crafted RubyGems versions attackers can cause denial of service through CPU +consumption. + +RubyGems versions 2.0.7 and older, 2.1.0.rc.1 and 2.1.0.rc.2 are vulnerable. + +Ruby versions 1.9.0 through 2.0.0p247 are vulnerable as they contain embedded +versions of RubyGems. + +It does not appear to be possible to exploit this vulnerability by installing a +gem for RubyGems 1.8.x or 2.0.x. Vulnerable uses of RubyGems API include +packaging a gem (through `gem build`, Gem::Package or Gem::PackageTask), +sending user input to Gem::Version.new, Gem::Version.correct? or use of the +Gem::Version::VERSION_PATTERN or Gem::Version::ANCHORED_VERSION_PATTERN +constants. + +Notably, users of bundler that install gems from git are vulnerable if a +malicious author changes the gemspec to an invalid version. + +The vulnerability can be fixed by changing the first grouping to an atomic +grouping in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb. For +RubyGems 2.0.x: + + - VERSION_PATTERN = '[0-9]+(\.[0-9a-zA-Z]+)*(-[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?' # :nodoc: + + VERSION_PATTERN = '[0-9]+(?>\.[0-9a-zA-Z]+)*(-[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?' # :nodoc: + +For RubyGems 1.8.x: + + - VERSION_PATTERN = '[0-9]+(\.[0-9a-zA-Z]+)*' # :nodoc: + + VERSION_PATTERN = '[0-9]+(?>\.[0-9a-zA-Z]+)*' # :nodoc: + +This vulnerability was discovered by Damir Sharipov <dammer2k@gmail.com> +
History.txt+7 −0 modified@@ -2,6 +2,13 @@ === 1.8.26 +Security fixes: + +* RubyGems 2.0.7 and earlier are vulnerable to excessive CPU usage due to a + backtracking in Gem::Version validation. See CVE-2013-4287 for full details + including vulnerable APIs. Fixed versions include 2.0.8, 1.8.26 and + 1.8.23.1 (for Ruby 1.9.3). Issue #626 by Damir Sharipov. + Bug fixes: * Fixed editing of a Makefile with 8-bit characters. Fixes #181
lib/rubygems/version.rb+1 −1 modified@@ -145,7 +145,7 @@ class Gem::Version include Comparable - VERSION_PATTERN = '[0-9]+(\.[0-9a-zA-Z]+)*' # :nodoc: + VERSION_PATTERN = '[0-9]+(?>\.[0-9a-zA-Z]+)*' # :nodoc: ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})*\s*\z/ # :nodoc: ##
Manifest.txt+1 −0 modified@@ -1,5 +1,6 @@ .autotest .document +CVE-2013-4287.txt History.txt LICENSE.txt MIT.txt
Rakefile+3 −1 modified@@ -53,7 +53,9 @@ hoe = Hoe.spec 'rubygems-update' do extra_dev_deps << ['rcov', '~> 0.9.0'] extra_dev_deps << ['ZenTest', '~> 4.5'] - self.extra_rdoc_files = Dir["*.rdoc"] + self.extra_rdoc_files = Dir["*.rdoc"] + %w[ + CVE-2013-4287.txt + ] spec_extras['rdoc_options'] = proc do |rdoc_options| rdoc_options << "--title=RubyGems #{self.version} Documentation"
938a7e31ac73Fix CVE-2013-4287, remove regexp backtracking
5 files changed · +48 −2
CVE-2013-4287.txt+36 −0 added@@ -0,0 +1,36 @@ += Algorithmic complexity vulnerability in RubyGems 2.0.7 and older + +RubyGems validates versions with a regular expression that is vulnerable to +denial of service due to a backtracking regular expression. For specially +crafted RubyGems versions attackers can cause denial of service through CPU +consumption. + +RubyGems versions 2.0.7 and older, 2.1.0.rc.1 and 2.1.0.rc.2 are vulnerable. + +Ruby versions 1.9.0 through 2.0.0p247 are vulnerable as they contain embedded +versions of RubyGems. + +It does not appear to be possible to exploit this vulnerability by installing a +gem for RubyGems 1.8.x or 2.0.x. Vulnerable uses of RubyGems API include +packaging a gem (through `gem build`, Gem::Package or Gem::PackageTask), +sending user input to Gem::Version.new, Gem::Version.correct? or use of the +Gem::Version::VERSION_PATTERN or Gem::Version::ANCHORED_VERSION_PATTERN +constants. + +Notably, users of bundler that install gems from git are vulnerable if a +malicious author changes the gemspec to an invalid version. + +The vulnerability can be fixed by changing the first grouping to an atomic +grouping in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb. For +RubyGems 2.0.x: + + - VERSION_PATTERN = '[0-9]+(\.[0-9a-zA-Z]+)*(-[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?' # :nodoc: + + VERSION_PATTERN = '[0-9]+(?>\.[0-9a-zA-Z]+)*(-[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?' # :nodoc: + +For RubyGems 1.8.x: + + - VERSION_PATTERN = '[0-9]+(\.[0-9a-zA-Z]+)*' # :nodoc: + + VERSION_PATTERN = '[0-9]+(?>\.[0-9a-zA-Z]+)*' # :nodoc: + +This vulnerability was discovered by Damir Sharipov <dammer2k@gmail.com> +
History.txt+7 −0 modified@@ -2,6 +2,13 @@ === 2.1.0.rc.2 +Security fixes: + +* RubyGems 2.0.7 and earlier are vulnerable to excessive CPU usage due to a + backtracking in Gem::Version validation. See CVE-2013-4287 for full details + including vulnerable APIs. Fixed versions include 2.0.8, 1.8.26 and + 1.8.23.1 (for Ruby 1.9.3). Issue #626 by Damir Sharipov. + Major enhancements: * RubyGems uses a new dependency resolver for gem installation which works
lib/rubygems/version.rb+1 −1 modified@@ -147,7 +147,7 @@ class Gem::Version # FIX: These are only used once, in .correct?. Do they deserve to be # constants? - VERSION_PATTERN = '[0-9]+(\.[0-9a-zA-Z]+)*(-[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?' # :nodoc: + VERSION_PATTERN = '[0-9]+(?>\.[0-9a-zA-Z]+)*(-[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?' # :nodoc: ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})*\s*\z/ # :nodoc: ##
Manifest.txt+1 −0 modified@@ -1,5 +1,6 @@ .autotest .document +CVE-2013-4287.txt History.txt LICENSE.txt MIT.txt
Rakefile+3 −1 modified@@ -56,7 +56,9 @@ hoe = Hoe.spec 'rubygems-update' do dependency 'rake', '~> 0.9.3', :dev dependency 'minitest', '~> 4.0', :dev - self.extra_rdoc_files = Dir["*.rdoc"] + self.extra_rdoc_files = Dir["*.rdoc"] + %w[ + CVE-2013-4287.txt + ] spec_extras['rdoc_options'] = proc do |rdoc_options| rdoc_options << "--title=RubyGems Update Documentation"
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
18- blog.rubygems.org/2013/09/09/CVE-2013-4287.htmlnvdPatchVendor AdvisoryWEB
- www.openwall.com/lists/oss-security/2013/09/10/1nvdPatchWEB
- rhn.redhat.com/errata/RHSA-2013-1427.htmlnvdVendor AdvisoryWEB
- github.com/advisories/GHSA-9j7m-rjqx-48vhghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2013-4287ghsaADVISORY
- rhn.redhat.com/errata/RHSA-2013-1441.htmlnvdWEB
- rhn.redhat.com/errata/RHSA-2013-1523.htmlnvdWEB
- rhn.redhat.com/errata/RHSA-2013-1852.htmlnvdWEB
- rhn.redhat.com/errata/RHSA-2014-0207.htmlnvdWEB
- github.com/rubygems/rubygems/blob/03a074e8838683f45611b119fd8f363aa44fe2fd/CHANGELOG.mdghsaWEB
- github.com/rubygems/rubygems/commit/938a7e31ac73655845ab9045629ff3f580a125daghsaWEB
- github.com/rubygems/rubygems/commit/b697536f2455e8c8853cf5cf8a1017a36031ed67ghsaWEB
- github.com/rubygems/rubygems/commit/b9baec03145aed684d1cd3c87dcac3cc06becd9bghsaWEB
- github.com/rubygems/rubygems/commit/ed733bc379d75620f5be4213f89d1d7b38be3191ghsaWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2013-4287.ymlghsaWEB
- web.archive.org/web/20160806152839/https://puppet.com/security/cve/cve-2013-4287ghsaWEB
- secunia.com/advisories/55381nvd
- puppet.com/security/cve/cve-2013-4287nvd
News mentions
0No linked articles in our index yet.