GMS-2014-5: Arbitrary Code Execution

May 6, 2014

This package is vulnerable to Arbitrary Code Execution. The current directory ‘.’ is on the load path for Ruby. If users create ruby source files with names that correspond to those that hiera trys to load, it may result in loading and the execution of these files.

References

github.com/puppetlabs/hiera/commit/5b71548ca9ea9ced460b2970c3e8fb483b495806

Detect and mitigate GMS-2014-5 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →