Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/cobbler@0.6.3.post2
Type pypi
Namespace
Name cobbler
Version 0.6.3.post2
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 3.0.0
Latest_non_vulnerable_version 3.3.2
Affected_by_vulnerabilities
0
url VCID-3uqv-f4em-4qag
vulnerability_id VCID-3uqv-f4em-4qag
summary Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.
references
0
reference_url https://github.com/advisories/GHSA-cpqf-3c3r-c9g2
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-cpqf-3c3r-c9g2
1
reference_url https://github.com/cobbler/cobbler
reference_id
reference_type
scores
url https://github.com/cobbler/cobbler
2
reference_url https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a
reference_id
reference_type
scores
url https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a
3
reference_url https://github.com/cobbler/cobbler/releases/tag/v3.3.0
reference_id
reference_type
scores
url https://github.com/cobbler/cobbler/releases/tag/v3.3.0
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/cobbler/PYSEC-2021-373.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/cobbler/PYSEC-2021-373.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-40323
reference_id CVE-2021-40323
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-40323
fixed_packages
0
url pkg:pypi/cobbler@3.3.0
purl pkg:pypi/cobbler@3.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gxpd-rmnn-67cm
1
vulnerability VCID-n8d7-2mjk-wbc8
2
vulnerability VCID-nrb3-t9dq-x7hw
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cobbler@3.3.0
aliases CVE-2021-40323, GHSA-cpqf-3c3r-c9g2, PYSEC-2021-373
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3uqv-f4em-4qag
1
url VCID-gxpd-rmnn-67cm
vulnerability_id VCID-gxpd-rmnn-67cm
summary An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privileged access to the server. The users.digest file contains the sha2-512 digest of users in a Cobbler local installation. In the case of an easy-to-guess password, it's trivial to obtain the plaintext string. The settings.yaml file contains secrets such as the hashed default password.
references
0
reference_url https://bugzilla.suse.com/show_bug.cgi?id=1193671
reference_id
reference_type
scores
url https://bugzilla.suse.com/show_bug.cgi?id=1193671
1
reference_url https://github.com/advisories/GHSA-5946-mpw5-pqxx
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-5946-mpw5-pqxx
2
reference_url https://github.com/cobbler/cobbler
reference_id
reference_type
scores
url https://github.com/cobbler/cobbler
3
reference_url https://github.com/cobbler/cobbler/commit/10b2112db83fedfc391e900edfedc2b4e507d3f7
reference_id
reference_type
scores
url https://github.com/cobbler/cobbler/commit/10b2112db83fedfc391e900edfedc2b4e507d3f7
4
reference_url https://github.com/cobbler/cobbler/pull/2945
reference_id
reference_type
scores
url https://github.com/cobbler/cobbler/pull/2945
5
reference_url https://github.com/cobbler/cobbler/releases
reference_id
reference_type
scores
url https://github.com/cobbler/cobbler/releases
6
reference_url https://github.com/cobbler/cobbler/releases/tag/v3.3.1
reference_id
reference_type
scores
url https://github.com/cobbler/cobbler/releases/tag/v3.3.1
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/cobbler/PYSEC-2022-38.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/cobbler/PYSEC-2022-38.yaml
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEJN7CPW6YCHBFQPFZKGA6AVA6T5NPIW
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEJN7CPW6YCHBFQPFZKGA6AVA6T5NPIW
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z5CSXQE7Q4TVDQJKFYBO4XDH3BZ7BLAR
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z5CSXQE7Q4TVDQJKFYBO4XDH3BZ7BLAR
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCXMOUW4DH4DYWIJN44SMSU6R3CZDZBE
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCXMOUW4DH4DYWIJN44SMSU6R3CZDZBE
11
reference_url https://www.openwall.com/lists/oss-security/2022/02/18/3
reference_id
reference_type
scores
url https://www.openwall.com/lists/oss-security/2022/02/18/3
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-45083
reference_id CVE-2021-45083
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-45083
fixed_packages
0
url pkg:pypi/cobbler@3.3.1
purl pkg:pypi/cobbler@3.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-n8d7-2mjk-wbc8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cobbler@3.3.1
aliases CVE-2021-45083, GHSA-5946-mpw5-pqxx, PYSEC-2022-38
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gxpd-rmnn-67cm
2
url VCID-hpkx-7ure-6qbf
vulnerability_id VCID-hpkx-7ure-6qbf
summary Cobbler before 3.3.0 allows authorization bypass for modification of settings.
references
0
reference_url https://github.com/advisories/GHSA-cr3f-r24j-3chw
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-cr3f-r24j-3chw
1
reference_url https://github.com/cobbler/cobbler
reference_id
reference_type
scores
url https://github.com/cobbler/cobbler
2
reference_url https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a
reference_id
reference_type
scores
url https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a
3
reference_url https://github.com/cobbler/cobbler/releases/tag/v3.3.0
reference_id
reference_type
scores
url https://github.com/cobbler/cobbler/releases/tag/v3.3.0
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/cobbler/PYSEC-2021-375.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/cobbler/PYSEC-2021-375.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-40325
reference_id CVE-2021-40325
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-40325
fixed_packages
0
url pkg:pypi/cobbler@3.3.0
purl pkg:pypi/cobbler@3.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gxpd-rmnn-67cm
1
vulnerability VCID-n8d7-2mjk-wbc8
2
vulnerability VCID-nrb3-t9dq-x7hw
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cobbler@3.3.0
aliases CVE-2021-40325, GHSA-cr3f-r24j-3chw, PYSEC-2021-375
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hpkx-7ure-6qbf
3
url VCID-n8d7-2mjk-wbc8
vulnerability_id VCID-n8d7-2mjk-wbc8
summary Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2.
references
0
reference_url https://github.com/advisories/GHSA-mcg6-h362-cmq5
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-mcg6-h362-cmq5
1
reference_url https://github.com/cobbler/cobbler
reference_id
reference_type
scores
url https://github.com/cobbler/cobbler
2
reference_url https://github.com/cobbler/cobbler/commit/9044aa990a94752fa5bd5a24051adde099280bfa
reference_id
reference_type
scores
url https://github.com/cobbler/cobbler/commit/9044aa990a94752fa5bd5a24051adde099280bfa
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/cobbler/PYSEC-2022-177.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/cobbler/PYSEC-2022-177.yaml
4
reference_url https://huntr.dev/bounties/c458b868-63df-414e-af10-47e3745caa1d
reference_id
reference_type
scores
url https://huntr.dev/bounties/c458b868-63df-414e-af10-47e3745caa1d
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D4KCNZYBQC2FM5SEEDRQZO4LRZ4ZECMG
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D4KCNZYBQC2FM5SEEDRQZO4LRZ4ZECMG
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D4KCNZYBQC2FM5SEEDRQZO4LRZ4ZECMG/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D4KCNZYBQC2FM5SEEDRQZO4LRZ4ZECMG/
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DYWYHWVVRUSPCV5SWBOSAMQJQLTSBTKY
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DYWYHWVVRUSPCV5SWBOSAMQJQLTSBTKY
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DYWYHWVVRUSPCV5SWBOSAMQJQLTSBTKY/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DYWYHWVVRUSPCV5SWBOSAMQJQLTSBTKY/
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYSHMF6MEIITFAG7EJ3IQKVUN7MDV2XM
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYSHMF6MEIITFAG7EJ3IQKVUN7MDV2XM
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYSHMF6MEIITFAG7EJ3IQKVUN7MDV2XM/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYSHMF6MEIITFAG7EJ3IQKVUN7MDV2XM/
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-0860
reference_id CVE-2022-0860
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-0860
12
reference_url https://github.com/cobbler/cobbler/security/advisories/GHSA-mcg6-h362-cmq5
reference_id GHSA-mcg6-h362-cmq5
reference_type
scores
url https://github.com/cobbler/cobbler/security/advisories/GHSA-mcg6-h362-cmq5
fixed_packages
0
url pkg:pypi/cobbler@3.3.2
purl pkg:pypi/cobbler@3.3.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cobbler@3.3.2
aliases CVE-2022-0860, GHSA-mcg6-h362-cmq5, PYSEC-2022-177
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n8d7-2mjk-wbc8
4
url VCID-nrb3-t9dq-x7hw
vulnerability_id VCID-nrb3-t9dq-x7hw
summary An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.)
references
0
reference_url https://bugzilla.suse.com/show_bug.cgi?id=1193678
reference_id
reference_type
scores
url https://bugzilla.suse.com/show_bug.cgi?id=1193678
1
reference_url https://github.com/advisories/GHSA-6cm4-gm85-972c
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-6cm4-gm85-972c
2
reference_url https://github.com/cobbler/cobbler/pull/2945
reference_id
reference_type
scores
url https://github.com/cobbler/cobbler/pull/2945
3
reference_url https://github.com/cobbler/cobbler/releases
reference_id
reference_type
scores
url https://github.com/cobbler/cobbler/releases
4
reference_url https://github.com/cobbler/cobbler/releases/tag/v3.3.1
reference_id
reference_type
scores
url https://github.com/cobbler/cobbler/releases/tag/v3.3.1
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-45082
reference_id CVE-2021-45082
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-45082
fixed_packages
0
url pkg:pypi/cobbler@3.3.1
purl pkg:pypi/cobbler@3.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-n8d7-2mjk-wbc8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cobbler@3.3.1
aliases CVE-2021-45082, GHSA-6cm4-gm85-972c, PYSEC-2022-37
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nrb3-t9dq-x7hw
5
url VCID-y965-s4eq-vfee
vulnerability_id VCID-y965-s4eq-vfee
summary Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data.
references
0
reference_url https://github.com/advisories/GHSA-4cfr-gjfx-fj3x
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-4cfr-gjfx-fj3x
1
reference_url https://github.com/cobbler/cobbler
reference_id
reference_type
scores
url https://github.com/cobbler/cobbler
2
reference_url https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a
reference_id
reference_type
scores
url https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a
3
reference_url https://github.com/cobbler/cobbler/releases/tag/v3.3.0
reference_id
reference_type
scores
url https://github.com/cobbler/cobbler/releases/tag/v3.3.0
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/cobbler/PYSEC-2021-374.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/cobbler/PYSEC-2021-374.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-40324
reference_id CVE-2021-40324
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-40324
fixed_packages
0
url pkg:pypi/cobbler@3.3.0
purl pkg:pypi/cobbler@3.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gxpd-rmnn-67cm
1
vulnerability VCID-n8d7-2mjk-wbc8
2
vulnerability VCID-nrb3-t9dq-x7hw
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cobbler@3.3.0
aliases CVE-2021-40324, GHSA-4cfr-gjfx-fj3x, PYSEC-2021-374
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y965-s4eq-vfee
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cobbler@0.6.3.post2