Puppet Continuous Delivery for Puppet Enterprise

Vendor Data

Vendor Patch Exists

Community Data

Community Resources

Resource	Link
source	https://puppet.com/blog/puppet-response-to-remote-code-execution-vulnerability-cve-2021-44228/
workaround	https://puppet.com/docs/continuous-delivery/4.x/cd_release_notes.html#cd_release_notes-version-4-10-3
mitigations	https://support.puppet.com/hc/en-us/articles/360046708133-Puppet-Response-to-CVE-2021-44228-FAQ/

Community Notes

Source	Note
NCSC-NL	CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix
NCSC-NL	Update available for version 4.x, mitigations for 3.x which is EOL

Sources

Date	Attribution	Description
2021-12-31 9:06:53	NCSC-NL	Updated vendorPatchExists. Updated community note. Updated community link source. Updated community link workaround. Updated community link mitigations. Updated community note.