Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to "serialized attributes."
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| puppet(RubyGems) | 2.7.0 | 2.7.21 | N/A |
| puppet(RubyGems) | 3.1.0 | 3.1.1 | N/A |
CVSS Metrics
