Computer Security
[EN] securityvulns.ru no-pyccku


puppet code exeuction
Published:01.07.2013
Source:
SecurityVulns ID:13139
Type:remote
Threat Level:
7/10
Description:Code execution via YAML object deserialization.
Affected:PUPPET : puppet 2.7
 PUPPET : puppet 2.8
 PUPPET : Puppet 3.2
CVE:CVE-2013-3567 (Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.)
Files:CVE-2013-3567 (Unauthenticated Remote Code Execution Vulnerability)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod