CVSS 3 Base Score:

Posted On:

Assessed Risk Level:
Medium

On March 25, 2020, JRuby published a release addressing https://github.com/jruby/jruby/issues/6137. Previous releases of Puppet Server contain a vulnerable version of JRuby. Puppet Server 6.10.0 contains an updated version of JRuby to address the issue.

For more information about this issue, refer to the GitHub issue

Status:

Affected software versions:

Puppet Server versions prior to 6.10.0

Resolved in:

Puppet Server 6.10.0