GHSA-6cm4-gm85-972c

Published: 20 Feb 2022
Source: github
GitHub: Reviewed
CVSS4: 8.5
CVSS3: 7.8

Description

Command Injection in Cobbler

An issue was discovered in Cobbler through 3.3.0. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.)
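
The gap described above, shown as an added example that is not Cobbler's own code: a filter that only inspects lines beginning with `#import`, next to one way to cover the `#from MODULE import` form as well. The allowlist, function names and template fragments are assumptions constructed for illustration.

```python
import re

# Assumed allowlist for illustration; a real deployment defines its own.
ALLOWED_MODULES = {"random", "re", "time"}

# Constructed Cheetah template fragments (sample input, not from the advisory).
SAMPLES = {
    "import_allowed": "#import time\nbuilt: $time.time()",
    "import_blocked": "#import os\nhost: $os.uname()",
    "from_import": "#from os import path\nexists: $path.exists('/etc')",
    "indented_from": "text\n   #from socket import gethostname",
    "no_directive": "kernel=$kernel_path",
}

class InsecureImport(ValueError):
    """A template names a module outside the allowlist."""

def weak_check(template: str) -> None:
    # Models the flaw as described: only lines beginning with #import are inspected.
    for line in template.split("\n"):
        if line.startswith("#import"):
            module = line[len("#import"):].strip()
            if module not in ALLOWED_MODULES:
                raise InsecureImport(module)

# Both directive forms, anywhere in a line: "#import a, b" and "#from a.b import c".
DIRECTIVE = re.compile(r"#(?:import\s+(?P<mods>[^#]+)|from\s+(?P<pkg>[\w.]+)\s+import\b)")

def hardened_check(template: str) -> None:
    # Hypothetical corrected filter: every imported module must be allowlisted.
    for line in template.splitlines():
        match = DIRECTIVE.search(line)
        if match is None:
            continue
        if match.group("pkg"):
            names = [match.group("pkg")]
        else:
            names = [n.split(" as ")[0].strip() for n in match.group("mods").split(",")]
        for name in names:
            if name not in ALLOWED_MODULES:
                raise InsecureImport(name)

def rejected(check, template: str) -> bool:
    """True when the given check refuses the template."""
    try:
        check(template)
    except InsecureImport:
        return True
    return False
```

The hardened filter fails closed on any line containing either directive form; the fix the advisory points to is upgrading to 3.3.1.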

Packages

Name: cobbler (pip)
Affected versions: < 3.3.1
Fixed version: 3.3.1

EPSS

Percentile: 13%
0.00043
Low

CVSS4: 8.5 High

CVSS3: 7.8 High

Weaknesses

CWE-77

Related vulnerabilities

CVSS3: 7.8
ubuntu
almost 4 years ago

An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.)

CVSS3: 7.8
redhat
almost 4 years ago

An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.)

CVSS3: 7.8
nvd
almost 4 years ago

An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.)

CVSS3: 7.8
debian
almost 4 years ago

An issue was discovered in Cobbler before 3.3.1. In the templar.py fil ...
