Puppet is the industry standard for IT automation.
Modernize, manage and bring your hybrid infrastructure into compliance through Puppet's powerful continuous automation.
Get Puppet Enterprise
First 10 nodes are free!
Pricing & Packaging
Puppet Education is your learning portal for tools and best practices to address common business challenges.
Custom consulting services
Get up and running quickly with a custom solution that addresses your unique business goals and easily allows for growth as your needs evolve.
Find thousands of component modules built by the community and guidance on using them in your own infrastructure.
EcosystemOpen Source Projects
State of DevOps Report
Since launching our first DevOps survey in 2012, we’ve learned a lot about the power of DevOps to transform organizations.
Puppet automates your infrastructure so you can innovate. We find, fix, and predict in order to prevent surprises and maintain your desired state.
CompanyWorking at Puppet
Press & news
It's our community that makes Puppet great. Connect with Puppet users and employees.
CVE-2013-6417 (Improper consideration of differences in parameter handling between Rack and Rails Requests)
Posted December 26, 2013
Assessed Risk Level: Medium
Differences in parameter handling between Rack and Rails requests allow remote attackers to bypass database query restrictions and perform NULL checks or trigger missing WHERE clauses via requests using third-party or custom Rack middleware.
Affected Versions: Puppet Enterprise 2.x, 3.x
Resolved in Puppet Enterprise 2.8.4 and 3.1.1
Note: This vulnerability was due to an incomplete fix for CVE-2013-0155.