CVE-2016-5713

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-5713

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-5713.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2016-5713

Downstream

DEBIAN-CVE-2016-5713

Published

2017-12-06T15:29:00Z

Modified

2025-10-22T18:58:02.634602Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Versions of Puppet Agent prior to 1.6.0 included a version of the Puppet Execution Protocol (PXP) agent that passed environment variables through to Puppet runs. This could allow unauthorized code to be loaded. This bug was first introduced in Puppet Agent 1.3.0.

References

https://puppet.com/security/cve/cve-2016-5713

Affected packages

Git / github.com/puppetlabs/puppet-agent

Affected ranges

Type: GIT
Repo: https://github.com/puppetlabs/puppet-agent
Events: Introduced

fe749a8b064afa356c145c2549df606f7cfd98c9

Fixed

30d260df76bfed4e1179b2f3ec9dd26972e561d8

Affected versions

1.*

1.3.0

1.3.1

1.3.2

1.3.3

1.3.4

1.3.5

1.3.6

1.4.0

1.4.1

1.4.2

1.5.0

1.5.1

1.5.2

1.5.3

Git / github.com/puppetlabs/puppetlabs-puppet_agent