CVE-2013-4957

The dashboard report in Puppet Enterprise before 3.0.1 allows attackers to execute arbitrary YAML code via a crafted report-specific type.

Read the notes from the security team

• How can I get the fixes?
• What do statuses mean?

Notes

References

• MITRE
• NVD
• Launchpad
• Debian

Other references

• http://xforce.iss.net/xforce/xfdb/88089
• http://secunia.com/advisories/55362
• http://puppetlabs.com/security/cve/cve-2013-4957
• http://osvdb.org/98639
• https://www.cve.org/CVERecord?id=CVE-2013-4957