CVSS 3 Base Score:

Posted On:

Assessed Risk Level:
Medium

On September 19, 2017 Nokogiri announced several vulnerabilities.

Previous versions of Puppet-agent and PDK shipped with a vulnerable versions of ruby.

For more information about this vulnerability, refer to the Ruby 2.4.2 release page. (https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-4-2-released/)

Status:

Affected software versions:
  • Puppet Agent versions prior to 1.10.9
  • Puppet Agent versions prior to 5.3.3
  • PDK versions prior to 1.2.1
  • Puppet Enterprise versions prior to 2016.4.9
  • Puppet Enterprise versions prior to 2017.2.5
  • Puppet Enterprise versions prior to 2017.3.2
Resolved in:
  • Puppet Agent 1.10.9
  • Puppet Agent 5.3.3
  • PDK 1.2.1
  • Puppet Enterprise 2016.4.9
  • Puppet Enterprise 2017.2.5
  • Puppet Enterprise 2017.3.2
← Back to CVE Listings