Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.
Get an AI-powered plain-language explanation of this vulnerability and remediation steps.
Login to generate AI explanation16 reference(s) from NVD