{"id":"PYSEC-2021-374","details":"Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data.","aliases":["CVE-2021-40324","GHSA-4cfr-gjfx-fj3x"],"modified":"2025-10-09T07:55:28.834386Z","published":"2021-10-04T06:15:00Z","references":[{"type":"FIX","url":"https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a"},{"type":"WEB","url":"https://github.com/cobbler/cobbler/releases/tag/v3.3.0"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-4cfr-gjfx-fj3x"}],"affected":[{"package":{"name":"cobbler","ecosystem":"PyPI","purl":"pkg:pypi/cobbler"},"ranges":[{"type":"GIT","repo":"https://github.com/cobbler/cobbler","events":[{"introduced":"0"},{"fixed":"d8f60bbf14a838c8c8a1dba98086b223e35fe70a"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.3.0"}]}],"versions":["0.6.3-2","3.1.2","3.2.1","3.2.2","3.2.3"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/cobbler/PYSEC-2021-374.yaml"}}],"schema_version":"1.7.3"}