CVSS 3 Base Score: Posted On: November 6, 2019Assessed Risk Level: Medium Previous releases of Puppet Enterprise contain vulnerable versions of Sinatra and rack-protection. Puppet Enterprise 2019.1.3 and 2018.1.11 contain an updated version of Sinatra that has patched the vulnerabilities. For more information about these vulnerabilities, refer to the National Vulnerability Database entries for [CVE-2018-11627](https://nvd.nist.gov/vuln/detail/CVE-2018-11627), [CVE-2018-1000119](https://nvd.nist.gov/vuln/detail/CVE-2018-1000119), and [CVE-2018-7212](https://nvd.nist.gov/vuln/detail/CVE-2018-7212). Status:Affected software versions:- Puppet Enterprise 2019.1 versions prior to 2019.1.3 - Puppet Enterprise 2018.1 versions prior to 2018.1.11Resolved in:- Puppet Enterprise 2019.1.3 - Puppet Enterprise 2018.1.11← Back to CVE Listings