-
Posted April 15, 2014
-
Assessed Risk Level: Medium
For LibYAML versions before 0.1.6, heap-based buffer overflow in the `yaml_parser_scan_uri_escapes` could allow attackers to execute arbitrary code via a long sequence of percent-endcoded characters in a URI in a YAML file.
Status
- Resolved in Puppet Enterprise 3.2.2