CVE-2024-27294

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-27294
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-27294.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-27294
Aliases
  • GHSA-8h8m-h98f-vv84
Published
2024-02-29T23:15:08Z
Modified
2024-05-23T01:41:38.091548Z
Summary
[none]
Details

dp-golang is a Puppet module for Go installations. Prior to 1.2.7, dp-golang could install files — including the compiler binary — with the wrong ownership when Puppet was run as root and the installed package was On macOS: Go version 1.4.3 through 1.21rc3, inclusive, go1.4-bootstrap-20170518.tar.gz, or go1.4-bootstrap-20170531.tar.gz. The user and group specified in Puppet code were ignored for files within the archive. dp-puppet version 1.2.7 will recreate installations if the owner or group of any file or directory within that installation does not match the requested owner or group

References

Affected packages

Git / github.com/danielparks/puppet-golang

Affected ranges

Type
GIT
Repo
https://github.com/danielparks/puppet-golang
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

v1.*

v1.0.0
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.0.5
v1.0.6
v1.0.7
v1.1.0
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.2.4
v1.2.5
v1.2.6