CVE-2014-3248 – A little problem with Puppet

A couple of weeks ago I found CVE-2014-3248.  I reported it to Puppet Labs via their security reporting process, which was  enjoyable.  The Puppet Labs report is a bit light on details, so below I have published the E-Mail I sent them, which has more details and steps to reproduce.  I was mildly entertained by … [Read more…]