Lucene search

GoogleOSV:GHSA-6CM4-GM85-972C

HistoryFeb 20, 2022 - 12:00 a.m.

Command Injection in Cobbler

2022-02-2000:00:35

Google

osv.dev

0.001 Low

EPSS

Percentile

35.5%

JSON

An issue was discovered in Cobbler through 3.3.0. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the “#from MODULE import” substring. (Only lines beginning with #import are blocked.)

CPENameOperatorVersion
cobblereq3.2.2
cobblereq3.2.1
cobblereq3.3.0
cobblereq0.6.3-2
cobblereq3.1.2

Name	Operator	Version
cobbler	eq	3.2.2
cobbler	eq	3.2.1
cobbler	eq	3.3.0
cobbler	eq	0.6.3-2
cobbler	eq	3.1.2

References

bugzilla.suse.com/show_bug.cgi?id=1193678

github.com/cobbler/cobbler

github.com/cobbler/cobbler/pull/2945

github.com/cobbler/cobbler/releases

github.com/cobbler/cobbler/releases/tag/v3.3.1

lists.fedoraproject.org/archives/list/[email protected]/message/TEJN7CPW6YCHBFQPFZKGA6AVA6T5NPIW

lists.fedoraproject.org/archives/list/[email protected]/message/Z5CSXQE7Q4TVDQJKFYBO4XDH3BZ7BLAR

lists.fedoraproject.org/archives/list/[email protected]/message/ZCXMOUW4DH4DYWIJN44SMSU6R3CZDZBE

nvd.nist.gov/vuln/detail/CVE-2021-45082

0.001 Low

EPSS

Percentile

35.5%

JSON

Related for OSV:GHSA-6CM4-GM85-972C