Forge
Documentation
Get Support
Education
Events
Shop

Why Puppet
Products
Services
Open Source
Resources
Partners
About Puppet

Why Puppet
Products
Services
Open Source
Resources
Partners
About Puppet
Forge
Documentation
Get Support
Education
Events
Shop

Search Puppet.com

Puppet is the industry standard for IT automation.

Modernize, manage and bring your hybrid infrastructure into compliance through Puppet's powerful continuous automation.

Why Puppet
Try Puppet

Use Cases

Application delivery & operations
Continuous configuration automation
Continuous compliance
Continuous delivery
Patch management
Puppet for government
Operations tasks & orchestration
Windows infrastructure automation

Get Puppet Enterprise

First 10 nodes are free!

Try it now
Request a demo

Products

Puppet Enterprise
Puppet Comply
Puppet Relay

Pricing & Packaging

Pricing
Support services plans
Professional services

Integrations

Amazon Web Services
Google Cloud Platform
Hashicorp
PowerShell DSC
Windows Azure
ServiceNow
Splunk
VMware
All integrations

Puppet Education

Puppet Education is your learning portal for tools and best practices to address common business challenges.

Puppet Education

Professional services

Start automating
Accelerate delivery
Integrate your toolchain
Harden infrastructure
Partner for success
Scale DevOps
All professional services

Support

Puppet support
Technical support packages
Technical account management

Custom consulting services

Get up and running quickly with a custom solution that addresses your unique business goals and easily allows for growth as your needs evolve.

Learn more

Puppet Forge

Find thousands of component modules built by the community and guidance on using them in your own infrastructure.

Visit Puppet Forge

Ecosystem

Puppet developer experience
Trusted contributors
GitHub
Vox Pupuli

Open Source Projects

Open source Puppet
Bolt
All open source projects
Compare our enterprise products

Community

Community
Puppet Champions
Puppet Test Pilots
Community calendar
Community Slack
Pulling the Strings Podcast
Puppet and Perforce Community FAQ

Contribute

Contribute written content
Contribute to open source projects
Puppet Idea Portal

State of DevOps Report

Since launching our first DevOps survey in 2012, we’ve learned a lot about the power of DevOps to transform organizations.

State of DevOps retrospective
Scaling DevOps

Get the 2021 State of DevOps Report

Product Documentation

Puppet Enterprise
Continuous Delivery for Puppet Enterprise
Puppet Comply
Puppet Remediate
All documentation

Resource library

Blog
Ebooks
Reports
Solution briefs
Videos
Webinars
White papers

Customers

Our customers
Customer videos
Customer stories

Partners

Technology partners
Channel partners
Solution providers
Become a partner
Partner Portal login

Featured Partners

About Us

Puppet automates your infrastructure so you can innovate. We find, fix, and predict in order to prevent surprises and maintain your desired state.

Company

Who We Are
Leadership
Diversity, equity & inclusion
Contact us

Working at Puppet

Careers
Open positions

Press & news

Press room
Press releases
News mentions

Events

It's our community that makes Puppet great. Connect with Puppet users and employees.

Watch On Demand: Puppetize Digital 2021
All events

CVE-2013-0155 (ActiveRecord Unsafe Query Generation Risk)

Posted January 15, 2013

Due to the way Active Record interprets parameters in combination with the way that JSON parameters are parsed, it is possible for an attacker to issue unexpected database queries with "IS NULL" or empty where clauses. This issue does not let an attacker insert arbitrary values into an SQL query, however they can cause the query to check for NULL or eliminate a WHERE clause when most users wouldn't expect it. More information can be found in the following post:

https://groups.google.com/group/rubyonrails-security/browse_thread/thread/73b8d3f8478df5e2

Status

Hotfixes available for Puppet Enterprise 1.2.5 and 2.7.0

Hotfixes

http://puppetlabs.com/security/cve/cve-2013-0155/hotfixes/

Puppet by Perforce gives IT operations teams back their time and offers peace of mind with infrastructure automation that enables security and compliance.

Legal Privacy Policy Terms of Use Security