Moderate severityNVD Advisory· Published Oct 27, 2014· Updated May 6, 2026
CVE-2011-4953
Description
The set_mgmt_parameters function in item.py in Cobbler before 2.2.2 allows context-dependent attackers to execute arbitrary code via vectors related to the use of the yaml.load function instead of the yaml.safe_load function, as demonstrated using Puppet. With its default loader, PyYAML's yaml.load honours the `!!python/object` family of tags, which construct arbitrary Python objects while the document is parsed; since this function parses the YAML typed into the Puppet Parameter field, whoever can set that field can run code with the privileges of the Cobbler server process. "Context-dependent" here means the attacker needs whatever level of access Cobbler requires to edit that field.
Affected packages
Versions sourced from the GitHub Security Advisory. Note that the PyPI range below (< 2.6.0) is wider than the "before 2.2.2" in the NVD description above; the PyPI bound may simply be the first release that was published to PyPI with the fix rather than the first fixed upstream version, so verify against the referenced commit before relying on either bound.
| Package | Affected versions | Patched versions |
|---|---|---|
cobblerPyPI | < 2.6.0 | 2.6.0 |
Affected products
Patches (1)
11b4f9ecf0514Convert all yaml loads to safe_loads for security/safety reasons.
12 files changed · +17 −17
apitests/base.py+1 −1 modified@@ -36,7 +36,7 @@ def read_config(): global cfg f = open(CONFIG_LOC, 'r') - cfg = yaml.load(f) + cfg = yaml.safe_load(f) f.close() read_config()
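Review bot: `f = open(CONFIG_LOC, 'r')` is never closed if `yaml.safe_load(f)` raises, because `f.close()` only runs on the success path; a context manager closes it on every path: `with open(CONFIG_LOC, 'r') as f:` followed by `cfg = yaml.safe_load(f)`. When the file is malformed the global `cfg` is also left unassigned, so test failures presumably surface later as a `None`/name error instead of at the parse. read_config() begins before this hunk.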
cobbler/api.py+1 −1 modified@@ -221,7 +221,7 @@ def version(self, extended=False): fd = open("/etc/cobbler/version") ydata = fd.read() fd.close() - data = yaml.load(ydata) + data = yaml.safe_load(ydata) if not extended: # for backwards compatibility and use with koan's comparisons elems = data["version_tuple"]
cobbler/item.py+1 −1 modified@@ -245,7 +245,7 @@ def set_mgmt_parameters(self,mgmt_parameters): self.mgmt_parameters = mgmt_parameters else: import yaml - data = yaml.load(mgmt_parameters) + data = yaml.safe_load(mgmt_parameters) if type(data) is not dict: raise CX(_("Input YAML in Puppet Parameter field must evaluate to a dictionary.")) self.mgmt_parameters = data
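Review bot: `yaml.safe_load(mgmt_parameters)` still raises `yaml.YAMLError` on malformed input, and that exception escapes set_mgmt_parameters unwrapped while the dictionary check just below reports through `CX`; a parse error from the Puppet Parameter field should be reported the same way, and `type(data) is not dict` reads better as `not isinstance(data, dict)`. Switching to safe_load removes the object-construction vector but safe_load still expands YAML anchors and aliases, so a caller-supplied document can still be made expensive to parse; if this field is reachable through the remote API it is worth bounding its length before parsing. set_mgmt_parameters starts before this hunk, and the condition that selects the verbatim-assignment branch is outside it (use `except yaml.YAMLError, e:` instead of `as e` if Python 2.4 must still be supported).
```python
        else:
            import yaml
            try:
                data = yaml.safe_load(mgmt_parameters)
            except yaml.YAMLError as e:
                raise CX(_("Input YAML in Puppet Parameter field could not be parsed: %s") % e)
            if not isinstance(data, dict):
                raise CX(_("Input YAML in Puppet Parameter field must evaluate to a dictionary."))
            # … unchanged: self.mgmt_parameters = data …
```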
cobbler/modules/serializer_catalog.py+4 −4 modified@@ -134,7 +134,7 @@ def deserialize_item_raw(collection_type, item_name): if os.path.exists(filename): fd = open(filename) data = fd.read() - return yaml.load(data) + return yaml.safe_load(data) elif os.path.exists(filename2): fd = open(filename2) data = fd.read() @@ -166,13 +166,13 @@ def deserialize_raw(collection_type): if collection_type == "settings": fd = open("/etc/cobbler/settings") - datastruct = yaml.load(fd.read()) + datastruct = yaml.safe_load(fd.read()) fd.close() return datastruct elif os.path.exists(old_filename): # for use in migration from serializer_yaml to serializer_catalog (yaml/json) fd = open(old_filename) - datastruct = yaml.load(fd.read()) + datastruct = yaml.safe_load(fd.read()) fd.close() return datastruct else: @@ -192,7 +192,7 @@ def deserialize_raw(collection_type): if f.endswith(".json"): datastruct = simplejson.loads(ydata, encoding='utf-8') else: - datastruct = yaml.load(ydata) + datastruct = yaml.safe_load(ydata) results.append(datastruct) fd.close() return results
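Review bot: In deserialize_item_raw the first branch does `fd = open(filename)`, reads it and returns `yaml.safe_load(data)` without ever calling `fd.close()`, so every item read leaks a descriptor until the garbage collector gets to it; `with open(filename) as fd: data = fd.read()` fixes that and also closes on a parse error. The `filename2` branch starts the same pattern and whatever closes it, if anything, is past the end of the hunk. The settings/old_filename hunks in deserialize_raw do close their handles but only on the success path, so the same `with` form applies there. All three hunks are inside functions that begin before the hunk.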
cobbler/modules/serializer_couch.py+1 −1 modified@@ -109,7 +109,7 @@ def deserialize_raw(collection_type): if collection_type == "settings": fd = open("/etc/cobbler/settings") - datastruct = yaml.load(fd.read()) + datastruct = yaml.safe_load(fd.read()) fd.close() return datastruct else:
cobbler/remote.py+2 −2 modified@@ -1960,7 +1960,7 @@ def _test_setup_modules(authn="authn_testing",authz="authz_allowall",pxe_once=1) MODULES_TEMPLATE = "installer_templates/modules.conf.template" DEFAULTS = "installer_templates/defaults" fh = open(DEFAULTS) - data = yaml.load(fh.read()) + data = yaml.safe_load(fh.read()) fh.close() data["authn_module"] = authn data["authz_module"] = authz @@ -1981,7 +1981,7 @@ def _test_setup_settings(pxe_once=1): MODULES_TEMPLATE = "installer_templates/settings.template" DEFAULTS = "installer_templates/defaults" fh = open(DEFAULTS) - data = yaml.load(fh.read()) + data = yaml.safe_load(fh.read()) fh.close() data["pxe_once"] = pxe_once
cobbler/services.py+1 −1 modified@@ -437,7 +437,7 @@ def test_services_access(): assert data.find("gamma") != -1 assert data.find("3") != -1 - data = yaml.load(data) + data = yaml.safe_load(data) assert data.has_key("classes") assert data.has_key("parameters")
cobbler/utils.py+2 −2 modified@@ -1981,7 +1981,7 @@ def local_get_cobbler_api_url(): # Load server and http port try: fh = open("/etc/cobbler/settings") - data = yaml.load(fh.read()) + data = yaml.safe_load(fh.read()) fh.close() except: traceback.print_exc() @@ -2002,7 +2002,7 @@ def local_get_cobbler_xmlrpc_url(): # Load xmlrpc port try: fh = open("/etc/cobbler/settings") - data = yaml.load(fh.read()) + data = yaml.safe_load(fh.read()) fh.close() except: traceback.print_exc()
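Review bot: The bare `except:` around the settings read in local_get_cobbler_api_url (and again in local_get_cobbler_xmlrpc_url) swallows everything — `KeyboardInterrupt`, `SystemExit` and now `yaml.YAMLError` included — prints a traceback and, as far as the hunk shows, carries on with `data` never assigned, so the real failure surfaces later as an unbound-name error rather than at its cause. Narrow it to `except (IOError, yaml.YAMLError):` and either return an explicit default or re-raise, and read the file with `with open("/etc/cobbler/settings") as fh:` so `fh` is also closed when `fh.read()` or the parse raises. Both enclosing functions continue past the hunk.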
scripts/cobbler-ext-nodes+1 −1 modified@@ -13,7 +13,7 @@ if __name__ == "__main__": if hostname is not None: conf = open("/etc/cobbler/settings") - config = yaml.load(conf.read()); + config = yaml.safe_load(conf.read()); conf.close() url = "http://%s:%s/cblr/svc/op/puppet/hostname/%s" % (config["server"], config["http_port"], hostname) print urlgrabber.urlread(url)
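Review bot: `hostname` is interpolated straight into the request path on the `url = ...` line, so a value containing `/`, `?`, `#` or whitespace changes which endpoint is requested rather than which host is looked up; escape it first, `url = "http://%s:%s/cblr/svc/op/puppet/hostname/%s" % (config["server"], config["http_port"], urllib.quote(hostname, safe=''))`. Where `hostname` is set is outside the hunk (an external-node classifier conventionally takes it from argv), so it should be treated as untrusted. The trailing `;` on the `config = ...` line is a leftover and can go.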
scripts/index.py+1 −1 modified@@ -109,7 +109,7 @@ def handler(req): fd = open("/etc/cobbler/settings") data = fd.read() fd.close() - ydata = yaml.load(data) + ydata = yaml.safe_load(data) remote_port = ydata.get("xmlrpc_port", 25151) mode = form.get('mode','index')
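Review bot: `ydata.get("xmlrpc_port", 25151)` raises `AttributeError` when `/etc/cobbler/settings` is empty, because `yaml.safe_load` returns `None` for an empty document rather than `{}`; `ydata = yaml.safe_load(data) or {}` keeps the documented default in that case. A settings file that parses to a non-mapping would fail the same way and deserves an explicit error rather than a traceback from `.get`. handler() begins before this hunk and `form` is bound outside it.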
scripts/services.py+1 −1 modified@@ -61,7 +61,7 @@ def application(environ, start_response): fd = open("/etc/cobbler/settings") data = fd.read() fd.close() - ydata = yaml.load(data) + ydata = yaml.safe_load(data) remote_port = ydata.get("xmlrpc_port",25151) # instantiate a CobblerWeb object
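Review bot: As in scripts/index.py, `yaml.safe_load(data)` yields `None` for an empty settings file and the `ydata.get("xmlrpc_port",25151)` call on the next line then fails with `AttributeError`; `ydata = yaml.safe_load(data) or {}` preserves the 25151 default. The open/read/close triple above it would also be tidier and exception-safe as `with open("/etc/cobbler/settings") as fd: data = fd.read()`. application() begins before this hunk.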
tests/pycallgraph_mod.py+1 −1 modified@@ -62,7 +62,7 @@ def reset_trace(): 'node_color': lambda calls, : '%f %f %f' % (calls / 2 + .5, calls, 0.9), 'edge_color': lambda calls, : '%f %f %f' % (calls / 2 + .5, calls, 0.7), 'exclude_module': [ - 'yaml', 'yaml.load', 'yaml.stream', 'sre', 'unittest', + 'yaml', 'yaml.safe_load', 'yaml.stream', 'sre', 'unittest', 'sys', 'os', 'subprocess', 'string', 'time', 'test', 'posixpath', 'random', 'shutil', 'pycallgraph', 'stat', 'tempfile', 'socket', 'glob', 'sub_process', 'errno', 'weakref', 'traceback'
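Review bot: The string changed here lives in pycallgraph's `exclude_module` list, which names modules to hide from the call graph; `'yaml.load'` was never a module and neither is `'yaml.safe_load'`, so this looks like a mechanical search-and-replace that touched a string it should not have. `'yaml'` on the same line already excludes the whole package, so the cleanest fix is to drop the entry: `'yaml', 'yaml.stream', 'sre', 'unittest',`. The tests behave the same either way, which is why this slipped through.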
References
- github.com/advisories/GHSA-hpj3-5p46-g87w (GHSA advisory)
- nvd.nist.gov/vuln/detail/CVE-2011-4953ghsaADVISORY
- lists.opensuse.org/opensuse-security-announce/2012-04/msg00019.htmlnvdWEB
- bugs.launchpad.net/ubuntu/oneiric/+source/cobbler/+bug/858883nvdWEB
- bugzilla.novell.com/show_bug.cginvdWEB
- github.com/cobbler/cobbler/commit/1b4f9ecf051422eb8512794701900f6199651442ghsaWEB