rpm package
suse/puppet&distro=SUSE Linux Enterprise Server 11 SP4
pkg:rpm/suse/puppet&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-2295 | Hig | 8.2 | < 2.7.26-0.5.3.1 | 2.7.26-0.5.3.1 | Jul 5, 2017 | Versions of Puppet prior to 4.10.1 will deserialize data off the wire (from the agent to the server, in this case) with a attacker-specified format. This could be used to force YAML deserialization in an unsafe manner, which would lead to remote code execution. This change constr |
- affected < 2.7.26-0.5.3.1fixed 2.7.26-0.5.3.1
Versions of Puppet prior to 4.10.1 will deserialize data off the wire (from the agent to the server, in this case) with a attacker-specified format. This could be used to force YAML deserialization in an unsafe manner, which would lead to remote code execution. This change constr