| Max CVSS | 6.0 | Min CVSS | 6.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2017-2295 | 6.0 |
Versions of Puppet prior to 4.10.1 will deserialize data off the wire (from the agent to the server, in this case) with a attacker-specified format. This could be used to force YAML deserialization in an unsafe manner, which would lead to remote code
|
24-05-2018 - 13:36 | 05-07-2017 - 15:29 |