Ruby/puppet/2.6.3
Puppet, an automated administrative engine for your Linux, Unix, and Windows systems, performs administrative tasks (such as adding users, installing packages, and updating server configurations) based on a centralized specification.
https://rubygems.org/gems/puppet
UNKNOWN
25 Security Vulnerabilities
Puppet Arbitrary Command Execution
- https://nvd.nist.gov/vuln/detail/CVE-2012-1988
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74796
- https://hermes.opensuse.org/messages/14523305
- https://hermes.opensuse.org/messages/15087408
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html
- http://ubuntu.com/usn/usn-1419-1
- http://www.debian.org/security/2012/dsa-2451
- https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc
- https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14
- https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975
- https://web.archive.org/web/20120513213112/http://projects.puppetlabs.com/issues/13518
- https://web.archive.org/web/20120816020421/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
- https://web.archive.org/web/20121013181707/http://puppetlabs.com/security/cve/cve-2012-1988/
- https://github.com/advisories/GHSA-6xxq-j39w-g3f6
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1988.yml
- https://web.archive.org/web/20121025112409/http://secunia.com/advisories/48789
- https://web.archive.org/web/20121025113446/http://secunia.com/advisories/48748
- https://web.archive.org/web/20121025194830/http://secunia.com/advisories/49136
- https://web.archive.org/web/20121025194938/http://secunia.com/advisories/48743
- https://web.archive.org/web/20121031092646/http://www.securityfocus.com/bid/52975
- http://projects.puppetlabs.com/issues/13518
- http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
- http://puppetlabs.com/security/cve/cve-2012-1988/
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by creating a file whose full pathname contains shell metacharacters, then performing a filebucket request.
Puppet Privilege Escallation
- https://nvd.nist.gov/vuln/detail/CVE-2012-1053
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73445
- https://hermes.opensuse.org/messages/15087408
- https://github.com/puppetlabs/puppet/commit/76d0749f0a9a496b70e7dc7e6d6d6ff692224e36
- https://lists.opensuse.org/opensuse-security-announce/2012-03/msg00003.html
- https://ubuntu.com/usn/usn-1372-1
- https://web.archive.org/web/20120504011717/http://puppetlabs.com/security/cve/cve-2012-1053/
- https://web.archive.org/web/20120513215447/http://projects.puppetlabs.com/issues/12458
- https://web.archive.org/web/20120513215653/http://projects.puppetlabs.com/issues/12457
- https://web.archive.org/web/20120513223437/http://projects.puppetlabs.com/issues/12459
- https://web.archive.org/web/20120527071855/http://www.securityfocus.com/bid/52158
- https://web.archive.org/web/20120816020421/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14
- https://www.debian.org/security/2012/dsa-2419
- https://github.com/advisories/GHSA-77hg-g8cc-5r37
The changeuser method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors related to (1) the changeuser not dropping supplementary groups in certain conditions, (2) changes to the eguid without associated changes to the egid, or (3) the addition of the real gid to supplementary groups.
Puppet arbitrary file overwrite
- https://nvd.nist.gov/vuln/detail/CVE-2011-3869
- https://puppet.com/security/cve/cve-2011-3869
- http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb
- http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html
- http://www.debian.org/security/2011/dsa-2314
- http://www.ubuntu.com/usn/USN-1223-1
- http://www.ubuntu.com/usn/USN-1223-2
- https://github.com/puppetlabs/puppet/commit/2775c21ae48e189950dbea5e7b4d1d9fa2aca41c
- https://github.com/puppetlabs/puppet/commit/7d4c169df84fc7bbeb2941bf995a63470f71bdbd
- https://github.com/advisories/GHSA-8c56-v25w-f89c
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-3869.yml
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file.
facter, hiera, mcollective-client, and puppet affected by untrusted search path vulnerability
- https://nvd.nist.gov/vuln/detail/CVE-2014-3248
- https://github.com/advisories/GHSA-92v7-pq4h-58j5
- http://puppetlabs.com/security/cve/cve-2014-3248
- http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/
- http://secunia.com/advisories/59197
- http://secunia.com/advisories/59200
- http://www.securityfocus.com/bid/68035
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/facter/CVE-2014-3248.yml
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/hiera/CVE-2014-3248.yml
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/mcollective-client/CVE-2014-3248.yml
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2014-3248.yml
- https://web.archive.org/web/20141129061319/http://www.securityfocus.com/bid/68035
- https://web.archive.org/web/20150204183209/http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/
- https://web.archive.org/web/20150907182402/http://puppetlabs.com/security/cve/cve-2014-3248
Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb
, (2) Win32API.rb
, (3) Win32API.so
, (4) safe_yaml.rb
, (5) safe_yaml/deep.rb
, or (6) safe_yaml/deep.so
; or (7) operatingsystem.rb
, (8) operatingsystem.so
, (9) osfamily.rb
, or (10) osfamily.so
in puppet/confine
.
Unsafe HTTP Redirect in Puppet Agent and Puppet Server
- https://nvd.nist.gov/vuln/detail/CVE-2021-27023
- https://puppet.com/security/cve/CVE-2021-27023
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7/
- https://github.com/advisories/GHSA-93j5-g845-9wqp
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2021-27023.yml
A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007
Puppet does not properly restrict access to node resources
- https://nvd.nist.gov/vuln/detail/CVE-2011-0528
- http://www.mail-archive.com/puppet-users%40googlegroups.com/msg16429.html
- http://www.openwall.com/lists/oss-security/2011/01/27/6
- http://www.openwall.com/lists/oss-security/2011/01/31/5
- http://www.ubuntu.com/usn/USN-1365-1
- https://github.com/puppetlabs/puppet/commit/eee1a9cdaa5cab6222c8e6ab087d319f976fa4e3
- https://github.com/advisories/GHSA-9pvx-fwwh-w289
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-0528.yml
- http://www.mail-archive.com/puppet-users@googlegroups.com/msg16429.html
Puppet 2.6.0 through 2.6.3 does not properly restrict access to node resources, which allows remote authenticated Puppet nodes to read or modify the resources of other nodes via unspecified vectors.
Puppet uses predictable filenames, allowing arbitrary file overwrite
- https://nvd.nist.gov/vuln/detail/CVE-2012-1906
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74793
- https://github.com/puppetlabs/puppet/commit/f7829ec1f1b2c3def8e0eda09c22c3c1fed3a27f
- https://ubuntu.com/usn/usn-1419-1
- https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975
- https://www.debian.org/security/2012/dsa-2451
- https://github.com/advisories/GHSA-c4mc-49hq-q275
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1906.yml
- http://projects.puppetlabs.com/issues/13260
- http://puppetlabs.com/security/cve/cve-2012-1906/
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 uses predictable file names when installing Mac OS X packages from a remote source, which allows local users to overwrite arbitrary files or install arbitrary packages via a symlink attack on a temporary file in /tmp.
Puppet vulnerable to Path Traversal
- https://nvd.nist.gov/vuln/detail/CVE-2012-3865
- https://github.com/advisories/GHSA-g89m-3wjw-h857
- https://github.com/puppetlabs/puppet/commit/554eefc55f57ed2b76e5ee04d8f194d36f6ee67f
- https://github.com/puppetlabs/puppet/commit/d80478208d79a3e6d6cb1fbc525e24817fe8c4c6
- https://bugzilla.redhat.com/show_bug.cgi?id=839131
- http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html
- http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html
- http://puppetlabs.com/security/cve/cve-2012-3865/
- http://secunia.com/advisories/50014
- http://www.debian.org/security/2012/dsa-2511
- http://www.ubuntu.com/usn/USN-1506-1
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/CVE-2012-3865.yml
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3865.yml
- https://www.puppet.com/security/cve/overview-cve-2012-3865-arbitrary-file-delete/dos-puppet-master
Directory traversal vulnerability in lib/puppet/reports/store.rb
in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a ..
(dot dot) in a node name.
Improper Certificate Validation in Puppet
Previously, Puppet operated on the model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. When a node's catalog falls back to the default
node, the catalog can be retrieved for a different node by modifying facts for the Puppet run. This issue can be mitigated by setting strict_hostname_checking = true
in puppet.conf
on your Puppet master. Puppet 6.13.0 changes the default behavior for stricthostnamechecking from false to true. It is recommended that Puppet Open Source and Puppet Enterprise users that are not upgrading still set stricthostnamechecking to true to ensure secure behavior.
Puppet uses predictable filenames, allowing arbitrary file overwrite
- https://nvd.nist.gov/vuln/detail/CVE-2011-3871
- https://puppet.com/security/cve/cve-2011-3871
- http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb
- http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html
- http://www.debian.org/security/2011/dsa-2314
- http://www.ubuntu.com/usn/USN-1223-1
- http://www.ubuntu.com/usn/USN-1223-2
- https://github.com/puppetlabs/puppet/commit/343c7bd381b63e042d437111718918f951d9b30d
- https://github.com/puppetlabs/puppet/commit/d76c30935460ded953792dfe49f72b8c5158e899
- https://github.com/advisories/GHSA-mpmx-gm5v-q789
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-3871.yml
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit
mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files.
Pupper does not properly restrict characters in Common Name field of Certificate Signing Request
- https://nvd.nist.gov/vuln/detail/CVE-2012-3867
- https://github.com/advisories/GHSA-q44r-f2hm-v76v
- https://github.com/puppetlabs/puppet/commit/dfedaa5fa841ccf335245a748b347b7c7c236640
- https://github.com/puppetlabs/puppet/commit/f3419620b42080dad3b0be14470b20a972f13c50
- https://bugzilla.redhat.com/show_bug.cgi?id=839158
- http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html
- http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html
- http://puppetlabs.com/security/cve/cve-2012-3867/
- http://secunia.com/advisories/50014
- http://www.debian.org/security/2012/dsa-2511
- http://www.ubuntu.com/usn/USN-1506-1
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3867.yml
- https://www.puppet.com/security/cve/cve-2012-3867-insufficient-input-validation
lib/puppet/ssl/certificate_authority.rb
in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences.
Silent Configuration Failure in Puppet Agent
- https://nvd.nist.gov/vuln/detail/CVE-2021-27025
- https://puppet.com/security/cve/cve-2021-27025
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7/
- https://github.com/advisories/GHSA-q4g7-jrxv-67r9
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2021-27025.yml
A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'.
Puppet allows local users to modify the permissions of arbitrary files
- https://nvd.nist.gov/vuln/detail/CVE-2011-3870
- https://puppet.com/security/cve/cve-2011-3870
- http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb
- http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html
- http://www.debian.org/security/2011/dsa-2314
- http://www.ubuntu.com/usn/USN-1223-1
- http://www.ubuntu.com/usn/USN-1223-2
- https://github.com/puppetlabs/puppet/commit/88512e880bd2a03694b5fef42540dc7b3da05d30
- https://github.com/puppetlabs/puppet/commit/b29b1785d543a3cea961fffa9b3c15f14ab7cce0
- https://github.com/advisories/GHSA-qh3g-27jf-3j54
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-3870.yml
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file.
Puppet Denial of Service and Arbitrary File Write
- https://nvd.nist.gov/vuln/detail/CVE-2012-1987
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74794
- https://hermes.opensuse.org/messages/14523305
- https://hermes.opensuse.org/messages/15087408
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html
- http://ubuntu.com/usn/usn-1419-1
- http://www.debian.org/security/2012/dsa-2451
- https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc
- https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14
- https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975
- https://web.archive.org/web/20120513213318/http://projects.puppetlabs.com/issues/13553
- https://web.archive.org/web/20120513224202/http://projects.puppetlabs.com/issues/13552
- https://web.archive.org/web/20121005145241/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
- https://web.archive.org/web/20160808163232/https://puppet.com/security/cve/cve-2012-1987/
- https://github.com/advisories/GHSA-v58w-6xc2-w799
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1987.yml
A vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream that triggers a thread block, as demonstrated using CVE-2012-1986 and /dev/random
; or (2) cause a denial of service (filesystem consumption) via crafted REST requests that use a marshaled form of a `Puppet::FileBucket::File object`
to write to arbitrary file locations.
Tarball permission preservation in puppet
- https://nvd.nist.gov/vuln/detail/CVE-2017-10689
- https://access.redhat.com/errata/RHSA-2018:2927
- https://puppet.com/security/cve/CVE-2017-10689
- https://usn.ubuntu.com/3567-1/
- https://github.com/puppetlabs/puppet/commit/17d9e02da3882e44c1876e2805cf9708481715ee
- https://github.com/puppetlabs/puppet/commit/2f1047f85e22cde139a421bc25d371f2ffc92cb1
- https://tickets.puppetlabs.com/browse/PUP-7866
- https://github.com/advisories/GHSA-vw22-465p-8j5w
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2017-10689.yml
When installing a module using the system tar, the PMT will filter filesystem permissions to a sane value. This may just be based on the user's umask.
When using minitar, files are unpacked with whatever permissions are in the tarball. This is potentially unsafe, as tarballs can be easily created with weird permissions.
Puppet supports use of IP addresses in certnames without warning of potential risks
- https://nvd.nist.gov/vuln/detail/CVE-2012-3408
- https://github.com/advisories/GHSA-vxf6-w9mp-95hm
- https://github.com/puppetlabs/puppet/commit/ab9150baa1b738467a33b01df1d90e076253fbbd
- https://bugzilla.redhat.com/show_bug.cgi?id=839166
- http://puppetlabs.com/security/cve/cve-2012-3408/
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3408.yml
- https://www.puppet.com/security/cve/cve-2012-3408-agent-impersonation
lib/puppet/network/authstore.rb
in Puppet before 2.7.18, and Puppet Enterprise before 2.5.2, supports use of IP addresses in certnames without warning of potential risks, which might allow remote attackers to spoof an agent by acquiring a previously used IP address.
Puppet does not properly restrict access to node resources
Puppet 2.6.0 through 2.6.3 does not properly restrict access to node resources, which allows remote authenticated Puppet nodes to read or modify the resources of other nodes via unspecified vectors.
Agent Imprersonation in Puppet
lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet Enterprise before 2.5.2, supports use of IP addresses in certnames without warning of potential risks, which might allow remote attackers to spoof an agent by acquiring a previously used IP address.
Unauthenticated Remote Code Execution Vulnerability
Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.
Moderate severity vulnerability that affects facter, hiera, mcollective-client, and puppet
Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operatingsystem.rb, (2) Win32API.rb, (3) Win32API.so, (4) safeyaml.rb, (5) safeyaml/deep.rb, or (6) safeyaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine.
Puppet Improper Access Control
Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding.
Tarball permission preservation in puppet
When installing a module using the system tar, the PMT will filter filesystem permissions to a sane value. This may just be based on the user's umask.
When using minitar, files are unpacked with whatever permissions are in the tarball. This is potentially unsafe, as tarballs can be easily created with weird permissions.
Improper Certificate Validation in Puppet
Previously, Puppet operated on a model that a node with a valid certificate
was entitled to all information in the system and that a compromised certificate
allowed access to everything in the infrastructure. When a node's catalog falls
back to the default
node, the catalog can be retrieved for a different node by
modifying facts for the Puppet run. This issue can be mitigated by setting
strict_hostname_checking = true
in puppet.conf
on your Puppet master. Puppet
6.13.0 changes the default behavior for stricthostnamechecking from false to
true. It is recommended that Puppet Open Source and Puppet Enterprise users that
are not upgrading still set strict_hostname_checking
to true
to ensure secure
behavior.
Unsafe HTTP Redirect in Puppet Agent and Puppet Server
A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007
Silent Configuration Failure in Puppet Agent
A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'.
300 Other Versions
Version | License | Security | Released | |
---|---|---|---|---|
8.10.0 | Apache-2.0 | 2024-10-22 - 20:38 | 23 days | |
8.9.0 | Apache-2.0 | 2024-09-10 - 17:30 | 2 months | |
8.8.1 | Apache-2.0 | 2024-07-25 - 16:32 | 4 months | |
8.7.0 | Apache-2.0 | 2024-06-11 - 16:24 | 5 months | |
8.6.0 | Apache-2.0 | 2024-04-11 - 16:35 | 7 months | |
8.5.1 | Apache-2.0 | 2024-03-05 - 22:23 | 8 months | |
8.5.0 | Apache-2.0 | 2024-02-27 - 18:49 | 9 months | |
8.4.0 | Apache-2.0 | 2024-01-18 - 18:22 | 10 months | |
8.3.1 | Apache-2.0 | 2023-11-07 - 17:42 | about 1 year | |
8.3.0 | Apache-2.0 | 2024-08-02 - 17:21 | 3 months | |
8.2.0 | Apache-2.0 | 2023-08-23 - 18:22 | about 1 year | |
8.1.0 | Apache-2.0 | 2023-06-14 - 17:22 | over 1 year | |
8.0.1 | Apache-2.0 | 2023-04-26 - 18:26 | over 1 year | |
8.0.0 | Apache-2.0 | 2023-04-25 - 18:59 | over 1 year | |
7.34.0 | Apache-2.0 | 2024-10-22 - 17:19 | 23 days | |
7.33.0 | Apache-2.0 | 2024-09-10 - 16:08 | 2 months | |
7.32.1 | Apache-2.0 | 2024-07-25 - 16:13 | 4 months | |
7.31.0 | Apache-2.0 | 2024-06-11 - 16:04 | 5 months | |
7.30.0 | Apache-2.0 | 2024-04-11 - 16:14 | 7 months | |
7.29.1 | Apache-2.0 | 2024-03-05 - 22:08 | 8 months | |
7.29.0 | Apache-2.0 | 2024-02-27 - 18:28 | 9 months | |
7.28.0 | Apache-2.0 | 2024-01-18 - 17:49 | 10 months | |
7.27.0 | Apache-2.0 | 2023-11-07 - 17:20 | about 1 year | |
7.26.0 | Apache-2.0 | 2023-08-23 - 18:19 | about 1 year | |
7.25.0 | Apache-2.0 | 2023-06-14 - 17:26 | over 1 year | |
7.24.0 | Apache-2.0 | 2023-04-06 - 16:30 | over 1 year | |
7.23.0 | Apache-2.0 | 2023-02-08 - 17:16 | almost 2 years | |
7.22.0 | Apache-2.0 | 2023-01-25 - 00:50 | almost 2 years | |
7.21.0 | Apache-2.0 | 2022-12-08 - 17:24 | almost 2 years | |
7.20.0 | Apache-2.0 | 2022-10-11 - 16:17 | about 2 years | |
7.19.0 | Apache-2.0 | 2022-09-13 - 16:27 | about 2 years | |
7.18.0 | Apache-2.0 | 2022-08-02 - 16:46 | over 2 years | |
7.17.0 | Apache-2.0 | 2022-05-26 - 20:27 | over 2 years | |
7.16.0 | Apache-2.0 | 2022-04-19 - 16:03 | over 2 years | |
7.15.0 | Apache-2.0 | 2022-03-22 - 17:11 | over 2 years | |
7.14.0 | Apache-2.0 | 2022-01-20 - 17:19 | almost 3 years | |
7.13.1 | Apache-2.0 | 2021-12-13 - 17:14 | almost 3 years | |
7.12.1 | Apache-2.0 | 2021-11-09 - 17:15 | about 3 years | |
7.12.0 | Apache-2.0 | 4 | 2021-10-12 - 16:12 | about 3 years |
7.11.0 | Apache-2.0 | 4 | 2021-09-16 - 16:05 | about 3 years |
7.10.0 | Apache-2.0 | 4 | 2021-08-17 - 16:05 | about 3 years |
7.9.0 | Apache-2.0 | 4 | 2021-07-20 - 17:30 | over 3 years |
7.8.0 | UNKNOWN | 4 | 2021-06-24 - 16:13 | over 3 years |
7.7.0 | UNKNOWN | 4 | 2021-06-01 - 16:06 | over 3 years |
7.6.1 | UNKNOWN | 4 | 2021-04-26 - 17:40 | over 3 years |
7.5.0 | UNKNOWN | 4 | 2021-03-16 - 17:05 | over 3 years |
7.4.1 | UNKNOWN | 4 | 2021-02-16 - 17:55 | over 3 years |
7.4.0 | UNKNOWN | 4 | 2021-02-09 - 17:22 | almost 4 years |
7.3.0 | UNKNOWN | 4 | 2021-01-20 - 17:15 | almost 4 years |
7.1.0 | UNKNOWN | 4 | 2020-12-15 - 17:13 | almost 4 years |
7.0.0 | UNKNOWN | 4 | 2020-11-19 - 17:48 | almost 4 years |
6.29.0 | Apache-2.0 | 2 | 2023-01-25 - 00:38 | almost 2 years |
6.28.0 | Apache-2.0 | 2 | 2022-08-02 - 16:46 | over 2 years |
6.27.0 | Apache-2.0 | 2 | 2022-04-19 - 16:04 | over 2 years |
6.26.0 | Apache-2.0 | 2 | 2022-01-20 - 17:19 | almost 3 years |
6.25.1 | Apache-2.0 | 2021-11-09 - 17:14 | about 3 years | |
6.25.0 | Apache-2.0 | 2 | 2021-10-12 - 16:12 | about 3 years |
6.24.0 | Apache-2.0 | 4 | 2021-07-20 - 17:32 | over 3 years |
6.23.0 | UNKNOWN | 4 | 2021-06-24 - 16:16 | over 3 years |
6.22.1 | UNKNOWN | 4 | 2021-04-26 - 17:41 | over 3 years |
6.21.1 | UNKNOWN | 4 | 2021-02-16 - 17:53 | over 3 years |
6.21.0 | UNKNOWN | 4 | 2021-02-09 - 17:21 | almost 4 years |
6.20.0 | UNKNOWN | 4 | 2021-01-20 - 17:14 | almost 4 years |
6.19.1 | UNKNOWN | 4 | 2020-10-22 - 16:47 | about 4 years |
6.19.0 | UNKNOWN | 4 | 2020-10-20 - 17:21 | about 4 years |
6.18.0 | UNKNOWN | 4 | 2020-08-25 - 16:12 | about 4 years |
6.17.0 | UNKNOWN | 4 | 2020-07-14 - 16:11 | over 4 years |
6.16.0 | UNKNOWN | 4 | 2020-06-03 - 16:14 | over 4 years |
6.15.0 | UNKNOWN | 4 | 2020-04-30 - 16:16 | over 4 years |
6.14.0 | UNKNOWN | 4 | 2020-03-10 - 19:45 | over 4 years |
6.13.0 | UNKNOWN | 4 | 2020-02-18 - 17:01 | over 4 years |
6.12.0 | UNKNOWN | 6 | 2020-01-14 - 19:02 | almost 5 years |
6.11.1 | UNKNOWN | 6 | 2019-11-20 - 21:19 | almost 5 years |
6.11.0 | UNKNOWN | 6 | 2019-11-19 - 17:46 | almost 5 years |
6.10.1 | UNKNOWN | 6 | 2019-10-15 - 16:14 | about 5 years |
6.10.0 | UNKNOWN | 6 | 2019-10-01 - 16:03 | about 5 years |
6.9.0 | UNKNOWN | 6 | 2019-09-17 - 16:57 | about 5 years |
6.8.1 | UNKNOWN | 6 | 2019-08-28 - 15:31 | about 5 years |
6.8.0 | UNKNOWN | 6 | 2019-08-21 - 16:01 | about 5 years |
6.7.2 | UNKNOWN | 6 | 2019-07-26 - 16:49 | over 5 years |
6.7.0 | UNKNOWN | 6 | 2019-07-23 - 16:23 | over 5 years |
6.6.0 | UNKNOWN | 6 | 2019-07-01 - 16:37 | over 5 years |
6.5.0 | UNKNOWN | 6 | 2019-06-19 - 16:09 | over 5 years |
6.4.5 | UNKNOWN | 6 | 2020-01-14 - 17:39 | almost 5 years |
6.4.4 | UNKNOWN | 6 | 2019-10-15 - 16:13 | about 5 years |
6.4.3 | UNKNOWN | 6 | 2019-07-16 - 17:04 | over 5 years |
6.4.2 | UNKNOWN | 6 | 2019-04-30 - 15:44 | over 5 years |
6.4.1 | UNKNOWN | 6 | 2019-04-16 - 15:29 | over 5 years |
6.4.0 | UNKNOWN | 6 | 2019-03-26 - 16:13 | over 5 years |
6.3.0 | UNKNOWN | 6 | 2019-02-20 - 17:32 | over 5 years |
6.2.0 | UNKNOWN | 6 | 2019-01-24 - 20:45 | almost 6 years |
6.1.0 | UNKNOWN | 6 | 2018-12-18 - 17:31 | almost 6 years |
6.0.10 | UNKNOWN | 6 | 2019-07-16 - 16:46 | over 5 years |
6.0.9 | UNKNOWN | 6 | 2019-04-30 - 15:28 | over 5 years |
6.0.8 | UNKNOWN | 6 | 2019-04-16 - 13:56 | over 5 years |
6.0.7 | UNKNOWN | 6 | 2019-03-26 - 14:13 | over 5 years |
6.0.5 | UNKNOWN | 6 | 2019-01-15 - 15:25 | almost 6 years |
6.0.4 | UNKNOWN | 6 | 2018-11-01 - 17:07 | about 6 years |
6.0.3 | UNKNOWN | 6 | 2018-10-25 - 16:11 | about 6 years |
6.0.2 | UNKNOWN | 6 | 2018-10-04 - 17:09 | about 6 years |