CVE-2014-2525 (LibYAML vulnerability could allow arbitrary code execution in a URI in a YAML file)
Posted April 15, 2014
Assessed Risk Level: Medium
For LibYAML versions before 0.1.6, heap-based buffer overflow in the `yaml_parser_scan_uri_escapes` could allow attackers to execute arbitrary code via a long sequence of percent-endcoded characters in a URI in a YAML file.
- Resolved in Puppet Enterprise 3.2.2