EPSS
Percentile
87.9%
mcollective-client is vulnerable to remote code execution. This is due to the use of eval to evaluate comparison expressions in discovery filters, which allows an attacker to execute arbitrary code via the mco ping command.
eval
mco ping
github.com/puppetlabs/marionette-collective/blob/f88cdc2ae94280ca49d33d534285a230af9f5bed/website/releasenotes.md#289---20160627
github.com/puppetlabs/marionette-collective/commit/4de959d0eae2b4cfc5ed4a0f5f659d4bf49cbedb
puppet.com/security/cve/cve-2016-2788