puppet vulnerabilities

Puppet, an automated configuration management tool

Latest version: 6.3.0

View on RubyGems.org

Licenses detected

Continuously find & fix vulnerabilities like these in your dependencies. Test and protect your applications

Direct Vulnerabilities

Known vulnerabilities in the puppet package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable versions Snyk patch Published
  • H
Arbitrary Code Loading
<5.3.7,>=5.4.0, <5.5.2 Not available 17 Jun, 2018
  • H
Privilege Escalation
<5.3.7,>=5.4.0, <5.5.2 Not available 17 Jun, 2018
  • H
Privilege Escalation
<5.3.7,>=5.4.0, <5.5.2 Not available 17 Jun, 2018
  • M
Information Exposure
<5.3.4 Not available 12 Feb, 2018
  • M
Insecure Permissions
<5.3.4 Not available 12 Feb, 2018
  • H
Unauthorized Endpoint Access
>=4.0.0, <4.4.2 Not available 28 Feb, 2017
  • M
Information Exposure
<3.6.2 Not available 28 Feb, 2017
  • H
Arbitrary Code Execution
<2.7.26,>=3.0.0, <3.6.2 Not available 28 Feb, 2017
  • M
Privilege Escalation via Symlink Attack
>=2.0.0, <2.7.25,>=3.0.0, <3.4.2 Not available 28 Feb, 2017
  • M
Information Disclosure
>=2.7.14, <2.7.23,>=3.0.0, <3.2.4 Not available 28 Feb, 2017
  • M
Remote Code Execution
>=2.0.0, <2.7.23,>=3.0.0, <3.2.4 Not available 28 Feb, 2017
  • H
Remote Code Execution
<2.6.18,>=2.7.0, <2.7.21,>=3.0.0, <3.1.1 Not available 28 Feb, 2017
  • M
Information Disclosure via Insecure Default
<2.6.18,>=2.7.0, <2.7.21,>=3.0.0, <3.1.1 Not available 28 Feb, 2017
  • M
Remote Code Execution
<2.6.18,>=2.7.0, <2.7.21,>=3.0.0, <3.1.1 Not available 28 Feb, 2017
  • H
Remote Code Execution
>=2.6.0, <2.6.18,>=2.7.0, <2.7.21,>=3.0.0, <3.1.1 Not available 28 Feb, 2017
  • M
Remote Code Execution
>=2.6.0, <2.6.18,>=2.7.0, <2.7.21,>=3.0.0, <3.1.1 Not available 28 Feb, 2017
  • H
Remote Code Execution
>=2.6.0, <2.6.18,>=2.7.0, <2.7.21,>=3.0.0, <3.1.1 Not available 28 Feb, 2017
  • H
Remote Code Execution
<2.6.18,>=2.7.0, <2.7.21,>=3.0.0, <3.1.1 Not available 28 Feb, 2017
  • M
Insufficient Input Validation
>=2.7.0, <2.7.18,<2.6.17 Not available 28 Feb, 2017
  • M
Information Disclosure
>=2.7.0, <2.7.18 Not available 28 Feb, 2017
  • L
Directory Traversal
>=2.7.0, <2.7.18,<2.6.17 Not available 28 Feb, 2017
  • M
Arbitrary File Access
>=2.7.0, <2.7.18,<2.6.17 Not available 28 Feb, 2017
  • L
Agent Impersonation
<2.7.18 Not available 28 Feb, 2017
  • M
Arbitrary Code Execution
<2.6.15,>=2.7.0, <2.7.13 Not available 28 Feb, 2017
  • L
Denial of Service (DoS)
<2.6.15,>=2.7.0, <2.7.13 Not available 28 Feb, 2017
  • L
Arbitrary File Read Access
<2.6.15,>=2.7.0, <2.7.13 Not available 28 Feb, 2017
  • M
Symlink Attack
<2.6.15,>=2.7.0, <2.7.13 Not available 28 Feb, 2017
  • M
Local Privilege Escalation via Symlink Attack
<2.6.15,>=2.7.0, <2.7.12 Not available 28 Feb, 2017
  • H
Group Privilege Escalation
<2.6.14,>=2.7.0, <2.7.1 Not available 28 Feb, 2017