Vulnerability Database

300,990

Total vulnerabilities in the database

CVE-2013-1655

Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to "serialized attributes."

Published: Mar 20, 2013
Updated: Nov 9, 2025
CVE: CVE-2013-1655
GHSA: GHSA-574q-fxfj-wv6h
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
puppet / puppet	2.7.2	2.7.2.x
puppet / puppet	2.7.3	2.7.3.x
puppet / puppet	2.7.4	2.7.4.x
puppet / puppet	2.7.5	2.7.5.x
puppet / puppet	2.7.6	2.7.6.x
puppet / puppet	2.7.7	2.7.7.x
puppet / puppet	2.7.8	2.7.8.x
puppet / puppet	2.7.9	2.7.9.x
puppet / puppet	2.7.10	2.7.10.x
puppet / puppet	2.7.11	2.7.11.x
puppet / puppet	2.7.12	2.7.12.x
puppet / puppet	2.7.13	2.7.13.x
puppet / puppet	2.7.14	2.7.14.x
puppet / puppet	2.7.16	2.7.16.x
puppet / puppet	2.7.17	2.7.17.x
puppet / puppet	2.7.18	2.7.18.x
puppet / puppet_enterprise	3.1.0	3.1.0.x
puppetlabs / puppet	2.7.0	2.7.0.x
puppetlabs / puppet	2.7.1	2.7.1.x
puppetlabs / puppet	2.7.19	2.7.19.x
puppetlabs / puppet	2.7.20	2.7.20.x
puppetlabs / puppet	2.7.20-rc1	2.7.20-rc1.x
puppet	2.7.0	2.7.21
puppet	3.1.0	3.1.1

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo