CVE-2013-1640
puppet - several issues
EPSS 2.3%
Description
The (1) template and (2) inline_template functions in the master server in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allow remote authenticated users to execute arbitrary code via a crafted catalog request.
How to fix CVE-2013-1640
To remediate CVE-2013-1640, upgrade the affected package to one of the fixed versions listed below.
- Debian/puppet—upgrade to 2.7.18-3 or later
- Debian/puppet—upgrade to 2.6.2-5+squeeze7 or later
Is CVE-2013-1640 being exploited?
Low — EPSS is 2.3%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 2.7.18-3
- from 0, < 2.6.2-5+squeeze7