In August 2019, jackson-databind published security updates addressing several CVEs. Previous releases of Puppet Enterprise contain a vulnerable version of nginx. Puppet Enterprise 2019.1.3 and 2018.1.11 contain an updated version of jackson-databind that has patched the vulnerabilities.
For more information about these vulnerabilities, refer to the Jackson 2.10 release announcement.
Affected software versions: