Unrated severityNVD Advisory· Published Oct 25, 2013· Updated Apr 29, 2026
CVE-2013-4957
CVE-2013-4957
Description
The dashboard report in Puppet Enterprise before 3.0.1 allows attackers to execute arbitrary YAML code via a crafted report-specific type.
Affected products
7cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*range: <=3.0.0
- cpe:2.3:a:puppet:puppet_enterprise:2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2.8.3:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- puppetlabs.com/security/cve/cve-2013-4957nvdVendor Advisory
- secunia.com/advisories/55362nvdVendor Advisory
- osvdb.org/98639nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/88089nvd
News mentions
0No linked articles in our index yet.