CVE-2013-1655

Name of the Vulnerable Software and Affected Versions Puppet versions 2.7.x through 2.7.20 Puppet versions 3.1.x through 3.1.0

Description The issue allows remote attackers to execute arbitrary code via vectors related to "serialized attributes" when running Ruby 1.9.3 or later. Multiple vulnerabilities in the Puppet package can lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely by an authenticated attacker.

Recommendations For Puppet versions 2.7.x through 2.7.20, update to version 2.7.21 or later. For Puppet versions 3.1.x through 3.1.0, update to version 3.1.1 or later.