cvedb.io
CVE-2016-5713
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2017-12-06T15:29:00.217 · Last modified 2026-06-17T00:49:55.027

Summary

Versions of Puppet Agent prior to 1.6.0 included a version of the Puppet Execution Protocol (PXP) agent that passed environment variables through to Puppet runs. This could allow unauthorized code to be loaded. This bug was first introduced in Puppet Agent 1.3.0.

Affected products

puppet — puppet_agent

Does this affect you?

Add your gear to cvedb and we'll alert you only when puppet ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.