Moderate severity · NVD Advisory · Published Oct 27, 2014 · Updated Jun 16, 2026
CVE-2011-4953
Description
The set_mgmt_parameters function in item.py in cobbler before 2.2.2 allows context-dependent attackers to execute arbitrary code via vectors related to the use of the yaml.load function instead of the yaml.safe_load function, as demonstrated using Puppet.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| cobbler (PyPI) | < 2.6.0 | 2.6.0 |
Affected products
- ghsa-coords (5 versions):
  - pkg:pypi/cobbler
  - pkg:rpm/opensuse/cobbler&distro=openSUSE%20Leap%2015.2
  - pkg:rpm/opensuse/cobbler&distro=openSUSE%20Tumbleweed
  - pkg:rpm/opensuse/koan&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/cobbler&distro=SUSE%20Package%20Hub%2015%20SP2
- (no CPE) range: < 2.6.0
- (no CPE) range: < 3.1.2-lp152.6.3.1
- (no CPE) range: < 3.2.1.336+git.5639a3af-1.1
- (no CPE) range: < 3.0.1-1.2
- (no CPE) range: < 3.1.2-bp152.4.3.1
References
- github.com/advisories/GHSA-hpj3-5p46-g87w (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2011-4953 (ghsa, ADVISORY)
- lists.opensuse.org/opensuse-security-announce/2012-04/msg00019.html (nvd, WEB)
- bugs.launchpad.net/ubuntu/oneiric/+source/cobbler/+bug/858883 (nvd, WEB)
- bugzilla.novell.com/show_bug.cgi (nvd, WEB)
- github.com/cobbler/cobbler/commit/1b4f9ecf051422eb8512794701900f6199651442 (ghsa, WEB)