Arbitrary Code Execution in Puppet 2.7.x and 3.1.x

Arbitrary Code Execution in Puppet 2.7.x and 3.1.x

CVE-2013-1655 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to "serialized attributes."

Learn more about our Web Application Penetration Testing UK.