Sinatra Security Fixes
Posted November 6, 2019
Assessed Risk Level: Medium
Previous releases of Puppet Enterprise contain vulnerable versions of Sinatra and rack-protection. Puppet Enterprise 2019.1.3 and 2018.1.11 contain an updated version of Sinatra that has patched the vulnerabilities.
For more information about these vulnerabilities, refer to the National Vulnerability Database entries for CVE-2018-11627, CVE-2018-1000119, and CVE-2018-7212.
Affected software versions:
- Puppet Enterprise 2019.1 versions prior to 2019.1.3
- Puppet Enterprise 2018.1 versions prior to 2018.1.11
- Puppet Enterprise 2019.1.3
- Puppet Enterprise 2018.1.11