There are several vulnerabilities for Curl which have been announced. Versions of Puppet Enterprise prior to 2016.4.10 and 2017.3.3 shipped with a vulnerable version of curl. Puppet Enterprise 2016.4.10 and 2017.3.3 ship with an updated version of curl that has addressed these vulnerabilities.
For more information about these vulnerabilities refer to Curl vulnerabilities table (https://curl.haxx.se/docs/security.html)
Affected software versions: