CVE-2021-27020 - Formula Injection

  • Posted May 4, 2021

  • Assessed Risk Level: Medium

  • CVSS 3.1 Base Score: 5.7

Puppet Enterprise presented a security risk by not sanitizing user input when doing a CSV export. This has been resolved in Puppet Enterprise 2019.8.6 and 2021.1.0.


Affected software versions:

  • Puppet Enterprise prior to 2019.8.6

Resolved in:

  • Puppet Enterprise 2019.8.6
  • Puppet Enterprise 2021.1.0
Puppet sites use proprietary and third-party cookies. By using our sites, you agree to our cookie policy.