CVSS 3 Base Score: Posted On: January 29, 2019Assessed Risk Level: High On November 28, 2018, FasterXML published a security update addressing several vulnerabilities including CVE-2018-7489. Puppet Enterprise 2019.0.2 and 2018.1.7 ship with an updated version of jackson-databind and PuppetDB excludes jackson-databind entirely. For more information about the vulnerabilities, refer to the Faster XML security announcement. Status:Affected software versions:Puppet Enterprise prior to 2019.0.2Puppet Enterprise prior to 2018.1.7Resolved in:Puppet Enterprise 2019.0.2Puppet Enterprise 2018.1.7← Back to CVE Listings