GHSA-p8w2-f44p-fmcj, CVE-2008-6954
pypi/Cobbler
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The web interface (CobblerWeb) in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules.
All versions before 1.2.9
Upgrade to version 1.2.9 or above.
2024-02-12