Puppet is the industry standard for IT automation.
Modernize, manage and bring your hybrid infrastructure into compliance through Puppet's powerful continuous automation.
Get Puppet Enterprise
First 10 nodes are free!
Pricing & Packaging
Puppet Compass is your learning portal for tools and best practices to address common business challenges.
Open Source Puppet Assist
Your one-stop shop for exclusive tools to enhance your efficiency using Open Source Puppet.
Custom consulting services
Get up and running quickly with a custom solution that addresses your unique business goals and easily allows for growth as your needs evolve.
Find thousands of component modules built by the community and guidance on using them in your own infrastructure.
EcosystemOpen Source Projects
State of DevOps Report
Since launching our first DevOps survey in 2012, we’ve learned a lot about the power of DevOps to transform organizations.
Puppet takes the risk out of change. We meet you where you are today and take you where you need to go.
CompanyWorking at Puppet
Press & news
It's our community that makes Puppet great. Connect with Puppet users and employees.
CVE-2013-6417 (Improper consideration of differences in parameter handling between Rack and Rails Requests)
Posted December 26, 2013
Assessed Risk Level: Medium
Differences in parameter handling between Rack and Rails requests allow remote attackers to bypass database query restrictions and perform NULL checks or trigger missing WHERE clauses via requests using third-party or custom Rack middleware.
Affected Versions: Puppet Enterprise 2.x, 3.x
Resolved in Puppet Enterprise 2.8.4 and 3.1.1
Note: This vulnerability was due to an incomplete fix for CVE-2013-0155.