Critical severity9.8NVD Advisory· Published Dec 6, 2017· Updated Jun 17, 2026
CVE-2016-5713
CVE-2016-5713
Description
Versions of Puppet Agent prior to 1.6.0 included a version of the Puppet Execution Protocol (PXP) agent that passed environment variables through to Puppet runs. This could allow unauthorized code to be loaded. This bug was first introduced in Puppet Agent 1.3.0.
Affected products
4cpe:2.3:a:puppet:puppet_agent:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:puppet:puppet_agent:*:*:*:*:*:*:*:*range: >=1.3.0,<1.6.0
- (no CPE)range: <1.6.0
- (no CPE)range: Introduced in 1.3.0, fixed in 1.6.0
- Range: <1.6.0
Patches
Vulnerability mechanics
References
1- puppet.com/security/cve/cve-2016-5713nvdVendor Advisory
News mentions
0No linked articles in our index yet.