CVE-2008-6954

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in pypi/Cobbler

Identifiers

GHSA-p8w2-f44p-fmcj, CVE-2008-6954

Package Slug

pypi/Cobbler

Vulnerability

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Description

The web interface (CobblerWeb) in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules.

Affected Versions

All versions before 1.2.9

Solution

Upgrade to version 1.2.9 or above.

Last Modified

2024-02-12
