CVE-2016-5713

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-5713

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-5713.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2016-5713

Published

2017-12-06T15:29:00Z

Modified

2025-01-14T06:39:48.214248Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Versions of Puppet Agent prior to 1.6.0 included a version of the Puppet Execution Protocol (PXP) agent that passed environment variables through to Puppet runs. This could allow unauthorized code to be loaded. This bug was first introduced in Puppet Agent 1.3.0.

References

Affected packages

Debian:11 / puppet

Package

Name: puppet
Purl: pkg:deb/debian/puppet?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.7.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/puppetlabs/puppet-agent

Affected ranges

Type: GIT
Repo: https://github.com/puppetlabs/puppet-agent
Events: Introduced

fe749a8b064afa356c145c2549df606f7cfd98c9

Fixed

30d260df76bfed4e1179b2f3ec9dd26972e561d8

Type: GIT
Repo: https://github.com/puppetlabs/puppetlabs-puppet_agent
Events: Introduced

c6ab0483ab258a1241a66cb9d9cd5419357cbc60

Fixed

e3abeaf70e1d9e87840ec5ac3ae54e19e8cfbdae

Affected versions

1.*

1.3.0

1.3.1

1.3.2

1.3.3

1.3.4

1.3.5

1.3.6

1.4.0

1.4.1

1.4.2

1.5.0

1.5.1

1.5.2

1.5.3