{}

{}

{}

{"bugzilla": {"description": "puppet-agent: Deserialization of untrusted data", "id": "1927502", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927502"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.6", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-502", "details": ["A flaw was found in puppet-agent. Utilization of a module presented a security risk by allowing the deserialization of untrusted/user supplied data. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."], "name": "CVE-2021-27017", "package_state": [{"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "puppet-agent", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:rhui:3", "fix_state": "Will not fix", "package_name": "puppet", "product_name": "Red Hat Update Infrastructure 3 for Cloud Providers"}], "public_date": "2021-02-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-27017\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-27017\nhttps://puppet.com/security/cve/CVE-2021-27017"], "threat_severity": "Moderate", "upstream_fix": "puppet-agent 7.4.0"}