High severityNVD Advisory· Published Feb 18, 2022· Updated Aug 4, 2024
CVE-2021-45082
CVE-2021-45082
Description
An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.)
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
cobblerPyPI | < 3.3.1 | 3.3.1 |
Affected products
5- ghsa-coords4 versionspkg:pypi/cobblerpkg:rpm/opensuse/cobbler&distro=openSUSE%20Tumbleweedpkg:rpm/suse/cobbler&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/cobbler&distro=SUSE%20Manager%20Server%20Module%204.2
< 3.3.1+ 3 more
- (no CPE)range: < 3.3.1
- (no CPE)range: < 3.3.1.0+git.f5b0599a-1.1
- (no CPE)range: < 3.0.0+git20190806.32c4bae0-8.22.9.1
- (no CPE)range: < 3.1.2-150300.5.14.1
Patches
Vulnerability mechanics
References
13- github.com/advisories/GHSA-6cm4-gm85-972cghsaADVISORY
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEJN7CPW6YCHBFQPFZKGA6AVA6T5NPIW/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z5CSXQE7Q4TVDQJKFYBO4XDH3BZ7BLAR/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZCXMOUW4DH4DYWIJN44SMSU6R3CZDZBE/mitrevendor-advisoryx_refsource_FEDORA
- nvd.nist.gov/vuln/detail/CVE-2021-45082ghsaADVISORY
- bugzilla.suse.com/show_bug.cgighsax_refsource_MISCWEB
- github.com/cobbler/cobbler/pull/2945ghsaWEB
- github.com/cobbler/cobbler/releasesghsax_refsource_MISCWEB
- github.com/cobbler/cobbler/releases/tag/v3.3.1ghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/cobbler/PYSEC-2022-37.yamlghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEJN7CPW6YCHBFQPFZKGA6AVA6T5NPIWghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z5CSXQE7Q4TVDQJKFYBO4XDH3BZ7BLARghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCXMOUW4DH4DYWIJN44SMSU6R3CZDZBEghsaWEB
News mentions
0No linked articles in our index yet.