Posted December 26, 2013
Assessed Risk Level: Low
RubyGems validates versions with a regular expression that is vulnerable to attackers causing denial of service through CPU consumption.
- Affected Versions: Puppet Enterprise 2.x, 3.x
- Resolved in Puppet Enterprise 2.8.4 and 3.1.1
- Note: This vulnerability was due to an incomplete fix for CVE-2013-4287.