{"id":"DEBIAN-CVE-2012-3867","details":"lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences.","modified":"2026-04-28T20:08:01.115400Z","published":"2012-08-06T16:55:06.680Z","upstream":["CVE-2012-3867"],"references":[{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2012-3867"}],"affected":[{"package":{"name":"puppet","ecosystem":"Debian:11","purl":"pkg:deb/debian/puppet?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.7.18-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2012-3867.json"}}],"schema_version":"1.7.5"}