Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2017/07/12 11:50 a.m.17 views

CVE-2017-2292

Versions of MCollective prior to 2.10.4 deserialized YAML from agents without calling safeload, allowing the potential for arbitrary code execution on the server. The fix for this is to call YAML.safeload on input. This has been tested in all Puppet-supplied MCollective plugins, but there is a...

9CVSS6.1AI score0.0218EPSS
Exploits0References2
Prion
Prion
added 2017/06/30 8:29 p.m.11 views

Code injection

Versions of MCollective prior to 2.10.4 deserialized YAML from agents without calling safeload, allowing the potential for arbitrary code execution on the server. The fix for this is to call YAML.safeload on input. This has been tested in all Puppet-supplied MCollective plugins, but there is a...

7.5CVSS9.2AI score0.0218EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2017/06/30 8:29 p.m.2 views

DEBIAN-CVE-2017-2292

Versions of MCollective prior to 2.10.4 deserialized YAML from agents without calling safeload, allowing the potential for arbitrary code execution on the server. The fix for this is to call YAML.safeload on input. This has been tested in all Puppet-supplied MCollective plugins, but there is a...

9CVSS7.8AI score0.0218EPSS
Exploits0References1
OSV
OSV
added 2017/06/30 8:29 p.m.3 views

UBUNTU-CVE-2017-2292

Versions of MCollective prior to 2.10.4 deserialized YAML from agents without calling safeload, allowing the potential for arbitrary code execution on the server. The fix for this is to call YAML.safeload on input. This has been tested in all Puppet-supplied MCollective plugins, but there is a...

9CVSS7.8AI score0.0218EPSS
Exploits0References4
Rows per page
Query Builder