Puppet · Puppet Enterprise · CVE-2016-5714
**Name of the Vulnerable Software and Affected Versions**
Puppet Enterprise versions 2015.3.3 and 2016.x before 2016.4.0
Puppet Agent versions 1.3.6 through 1.7.0
**Description**
The issue allows remote attackers to bypass a host whitelist protection mechanism and execute arbitrary code on nodes via vectors related to command validation.
**Recommendations**
For Puppet Enterprise versions 2015.3.3 and 2016.x before 2016.4.0, update to version 2016.4.0 or later to resolve the issue.
For Puppet Agent versions 1.3.6 through 1.7.0, update to version 1.7.0 or later to resolve the issue.