SynopsisA web application on the remote host has a code execution vulnerability.
DescriptionAccording to its self-reported version number, the Puppet install on the remote host has a remote code execution vulnerability. Specially crafted YAML encoded objects are not unserialized safely. A remote, unauthenticated attacker could exploit this to execute arbitrary code.
The issue is reportedly only exploitable when Puppet has the master role enabled, and is configured to use Ruby 1.9.3 or later.
SolutionUpgrade to Puppet 2.7.21 / 3.1.1 or later.