{"id":"PYSEC-2021-373","details":"Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.","aliases":["CVE-2021-40323","GHSA-cpqf-3c3r-c9g2"],"modified":"2025-10-09T07:55:27.769254Z","published":"2021-10-04T06:15:00Z","references":[{"type":"FIX","url":"https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a"},{"type":"WEB","url":"https://github.com/cobbler/cobbler/releases/tag/v3.3.0"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-cpqf-3c3r-c9g2"}],"affected":[{"package":{"name":"cobbler","ecosystem":"PyPI","purl":"pkg:pypi/cobbler"},"ranges":[{"type":"GIT","repo":"https://github.com/cobbler/cobbler","events":[{"introduced":"0"},{"fixed":"d8f60bbf14a838c8c8a1dba98086b223e35fe70a"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.3.0"}]}],"versions":["0.6.3-2","3.1.2","3.2.1","3.2.2","3.2.3"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/cobbler/PYSEC-2021-373.yaml"}}],"schema_version":"1.7.3"}