Search for packages
| purl | pkg:gem/puppet@6.26 |
| Tags | Ghost |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.4 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-qdsk-m9ye-z3a4
Aliases: CVE-2021-27023 GHSA-93j5-g845-9wqp |
Unsafe HTTP Redirect in Puppet Agent and Puppet Server A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007 |
Affected by 8 other vulnerabilities. |
|
VCID-s94z-5sd6-33dk
Aliases: CVE-2021-27025 GHSA-q4g7-jrxv-67r9 |
Silent Configuration Failure in Puppet Agent A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'. |
Affected by 8 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T15:18:22.602466+00:00 | Ruby Importer | Affected by | VCID-qdsk-m9ye-z3a4 | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2021-27023.yml | 38.0.0 |
| 2026-04-01T15:18:22.546289+00:00 | Ruby Importer | Affected by | VCID-s94z-5sd6-33dk | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2021-27025.yml | 38.0.0 |