Affecting puppet gem, versions <5.3.7 || >=5.4.0, <5.5.2
puppet is a Server automation framework and application.
Affected versions of this package are vulnerable to Privilege Escalation. An unprivileged user on Windows agents could write custom facts that can escalate privileges on the next puppet run.
puppet to versions 5.3.7, 5.5.2 or higher.