CVSS 3 Base Score: Posted On: November 7, 2017Assessed Risk Level: MediumOn September 19, 2017 Nokogiri announced several vulnerabilities.Previous versions of Puppet-agent and PDK shipped with a vulnerable versions of ruby.For more information about this vulnerability, refer to the Ruby 2.4.2 release page. (https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-4-2-released/)Status:Affected software versions:Puppet Agent versions prior to 1.10.9Puppet Agent versions prior to 5.3.3PDK versions prior to 1.2.1Puppet Enterprise versions prior to 2016.4.9Puppet Enterprise versions prior to 2017.2.5Puppet Enterprise versions prior to 2017.3.2Resolved in:Puppet Agent 1.10.9Puppet Agent 5.3.3PDK 1.2.1Puppet Enterprise 2016.4.9Puppet Enterprise 2017.2.5Puppet Enterprise 2017.3.2← Back to CVE Listings