CVE-2024-27294

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-27294

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-27294.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-27294

Related

GHSA-8h8m-h98f-vv84

Published

2024-02-29T23:15:08Z

Modified

2025-05-19T10:16:51.978061Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

dp-golang is a Puppet module for Go installations. Prior to 1.2.7, dp-golang could install files — including the compiler binary — with the wrong ownership when Puppet was run as root and the installed package was On macOS: Go version 1.4.3 through 1.21rc3, inclusive, go1.4-bootstrap-20170518.tar.gz, or go1.4-bootstrap-20170531.tar.gz. The user and group specified in Puppet code were ignored for files within the archive. dp-puppet version 1.2.7 will recreate installations if the owner or group of any file or directory within that installation does not match the requested owner or group

References

Affected packages

Git / github.com/danielparks/puppet-golang

Affected ranges

Type: GIT
Repo: https://github.com/danielparks/puppet-golang
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

1d0865b24071cb1c00d2fd8cb755d444e6e8f888

Fixed

1d0865b24071cb1c00d2fd8cb755d444e6e8f888

Fixed

870724a7fef50208515da7bbfa9dfd5d6950e7f5

Fixed

870724a7fef50208515da7bbfa9dfd5d6950e7f5

Affected versions

v1.*

v1.0.0

v1.0.1

v1.0.2

v1.0.3

v1.0.4

v1.0.5

v1.0.6

v1.0.7

v1.1.0

v1.2.0

v1.2.1

v1.2.2

v1.2.3

v1.2.4

v1.2.5

v1.2.6