The host is installed with Puppet before 2.6.18, 2.7.x before 2.7.21 or 3.1.x before 3.1.1 or Puppet Enterprise before 1.2.7 or 2.7.x before 2.7.2 and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to handle a crafted catalog request. Successful exploitation allows attackers to execute arbitrary code.