{"id":"CVE-2016-2788","details":"MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command.","modified":"2026-04-10T03:49:15.290019Z","published":"2017-02-13T18:59:00.457Z","references":[{"type":"ADVISORY","url":"https://puppet.com/security/cve/cve-2016-2788"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/puppetlabs/marionette-collective","events":[{"introduced":"0"},{"last_affected":"07cb2f2eacd9c14c063a781e9febc09db566938a"},{"introduced":"0"},{"last_affected":"d3c6dcee6ebfdea75546d895bcea3dc319bd93ef"},{"introduced":"0"},{"last_affected":"39b56d206e8866a4af2046ab20fb412442f044c0"},{"introduced":"0"},{"last_affected":"10e8aab117ea714a9544b66415bf40dc5297f3be"},{"introduced":"0"},{"last_affected":"69e4d3024d6ed178dfc18030c4f42092121ed91d"},{"introduced":"0"},{"last_affected":"88373f7be33a83ca8d2833525914836966ed24e1"},{"introduced":"0"},{"last_affected":"e9f5657f07bb878a87463f7344dd9b949a53c170"},{"introduced":"0"},{"last_affected":"4b42f1b98199f52578f21c73dc27400651119bf3"},{"introduced":"0"},{"last_affected":"a28c1afe18b619c05e18c98b68007e4327fd425c"},{"introduced":"0"},{"last_affected":"1d427e2632abe360f8a7f41d8ccc6628a2c43e48"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.7.0"},{"introduced":"0"},{"last_affected":"2.8.0"},{"introduced":"0"},{"last_affected":"2.8.1"},{"introduced":"0"},{"last_affected":"2.8.2"},{"introduced":"0"},{"last_affected":"2.8.3"},{"introduced":"0"},{"last_affected":"2.8.4"},{"introduced":"0"},{"last_affected":"2.8.5"},{"introduced":"0"},{"last_affected":"2.8.6"},{"introduced":"0"},{"last_affected":"2.8.7"},{"introduced":"0"},{"last_affected":"2.8.8"}]}}],"versions":["0.4.5","0.4.6","0.4.7","0.4.8","0.4.9","1.0.0","1.1.0","1.1.1","1.1.2","1.1.3","1.1.4","1.2.0","1.3.0","1.3.1","1.3.2","1.3.3","2.0.0","2.1.0","2.1.1","2.2.0","2.3.0","2.3.1","2.3.2","2.3.3","2.4.0","2.4.0-rc1","2.4.0-rc2","2.4.1","2.5.0","2.5.0-rc1","2.5.1","2.6.0","2.7.0","2.8.0","2.8.1","2.8.2","2.8.3","2.8.4","2.8.5","2.8.6","2.8.7","2.8.8"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"3.8.0"},{"fixed":"3.8.6"}]},{"events":[{"introduced":"2016.2.0"},{"fixed":"2016.2.1"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-2788.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}