CVE-2013-1640
N/A
N/A
Summary
The (1) template and (2) inline_template functions in the master server in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users to execute arbitrary code via a crafted catalog request.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html
- http://rhn.redhat.com/errata/RHSA-2013-0710.html
- http://www.debian.org/security/2013/dsa-2643
- http://secunia.com/advisories/52596
- http://ubuntu.com/usn/usn-1759-1
- http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html
- https://puppetlabs.com/security/cve/cve-2013-1640/
References
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html
- http://rhn.redhat.com/errata/RHSA-2013-0710.html
- http://www.debian.org/security/2013/dsa-2643
- http://secunia.com/advisories/52596
- http://ubuntu.com/usn/usn-1759-1
- http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html
- https://puppetlabs.com/security/cve/cve-2013-1640/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.