{"id":"DEBIAN-CVE-2011-3871","details":"Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files.","modified":"2026-04-28T20:07:10.268125Z","published":"2011-10-27T20:55:01.620Z","upstream":["CVE-2011-3871"],"references":[{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2011-3871"}],"affected":[{"package":{"name":"puppet","ecosystem":"Debian:11","purl":"pkg:deb/debian/puppet?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.7.3-3"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2011-3871.json"}}],"schema_version":"1.7.5"}