Puppet is the industry standard for IT automation.
Manage and automate more infrastructure and complex workflows in a simple, yet powerful way.
Cloud & Hybrid Automation
Accelerate your cloud journey with an enterprise automation platform for your hybrid estate.
Enforce compliance across hybrid infrastructure with policy as code and model-driven automation.
Modernize faster with Puppet DevOps consulting and infrastructure as code.
Pricing & PackagingGet Puppet Enterprise
First 10 Nodes are free!
Custom consulting services
Get you up and running quickly with a custom solution that addresses your unique business goals and easily allows for growth as your needs evolve.
Puppet Compass is your source for tools and best practices to address common business challenges.
State of DevOps Report
Since launching our first DevOps survey in 2012, we’ve learned a lot about the power of DevOps to transform organizations.
Join us for a Puppet event
It's our community that makes Puppet great. Connect with Puppet users and employees.
Puppet CommunityContribute content
Puppet frees you to do what robots can’t. We make automation software because you’ve got better things to do.
Press & news
Our voiceWorking at Puppet
CVE-2013-6417 (Improper consideration of differences in parameter handling between Rack and Rails Requests)
Posted December 26, 2013
Assessed Risk Level: Medium
Differences in parameter handling between Rack and Rails requests allow remote attackers to bypass database query restrictions and perform NULL checks or trigger missing WHERE clauses via requests using third-party or custom Rack middleware.
Affected Versions: Puppet Enterprise 2.x, 3.x
Resolved in Puppet Enterprise 2.8.4 and 3.1.1
Note: This vulnerability was due to an incomplete fix for CVE-2013-0155.