The below post has a list of Puppet Products that has been impacted by Log4j vulnerability. For Puppet Enterprise Continuous Delivery a patch has been released along with the Mitigation steps which can be applied.Another product that was impacted is Puppet Comply
| Puppet Product | Versions | Status | Patched |
|---|---|---|---|
| Puppet Comply impact | All | Vulnerable | Mitigations |
| Puppet agents | All | Not Vulnerable | Not Needed |
| Puppet Enterprise | All | Not Vulnerable | Not Needed |
| Puppet Enterprise (Continuous Delivery) | All | Vulnerable | Mitigations |
| Puppet Service | All | Not Vulnerable | Not Needed |
Comply Impact: According to Puppet, they have been with a Vendor who has authored Puppet Comply to bring in a patch as soon as possible