On December 14, 2017 Ruby announced a vulnerability with a bundled library.
Previous versions of puppet-agent shipped with a vulnerable versions of ruby.
For more information about this vulnerability, refer to Ruby’s security announcement page. (https://www.ruby-lang.org/en/news/2017/12/14/net-ftp-command-injection-cve-2017-17405/)
Affected software versions:
Resolved in: