Puppet is a client/server (C/S) architecture-based configuration management tool from Puppet Labs that can be used to manage configuration files, users, cron tasks, packages, system services, etc. A command injection vulnerability exists in versions of Puppet Puppetlabs-apt module prior to 9.0.0. The vulnerability stems from a failure of the puppetlabs-apt module to properly filter constructed command special characters, commands, etc. An attacker could exploit the vulnerability to cause arbitrary command execution.