The set_mgmt_parameters function in item.py in cobbler before 2.2.2 allows context-dependent attackers to execute arbitrary code via vectors related to the use of the yaml.load function instead of the yaml.safe_load function, as demonstrated using Puppet.
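The following is an added example, not code from the advisory or from cobbler: it shows user-supplied parameters parsed with yaml.safe_load, so that a document carrying a Python-specific tag is refused instead of being turned into a Python object. The names parse_mgmt_parameters, ParameterError and is_accepted and both sample inputs are hypothetical, and PyYAML is assumed to be installed.

```python
import yaml

# Constructed sample inputs (not taken from cobbler or the advisory).
PLAIN_PARAMS = "ntp_server: ntp.example.internal\nroles:\n  - web\n  - db\n"
# A Python-specific tag. This one is harmless, but it asks the loader to build
# a Python object rather than plain data, which is the class of input at issue.
TAGGED_PARAMS = "ntp_server: !!python/tuple [a.example.internal, b.example.internal]\n"


class ParameterError(ValueError):
    """Raised when the parameters are not a plain YAML mapping."""


def parse_mgmt_parameters(text):
    """Hypothetical helper: parse user-supplied YAML into a dict of plain data."""
    if not text or not text.strip():
        return {}
    try:
        # safe_load constructs only standard YAML types (str, int, list, dict,
        # ...); any python/* tag raises a ConstructorError.
        data = yaml.safe_load(text)
    except yaml.YAMLError as exc:
        raise ParameterError("rejected YAML input: %s" % type(exc).__name__) from exc
    # Well-formed YAML can still be a bare scalar or list; require a mapping.
    if not isinstance(data, dict):
        raise ParameterError("expected a mapping, got %s" % type(data).__name__)
    return data


def is_accepted(text):
    """Return True if the text parses to a plain mapping, False if refused."""
    try:
        parse_mgmt_parameters(text)
        return True
    except ParameterError:
        return False


if __name__ == "__main__":
    print(parse_mgmt_parameters(PLAIN_PARAMS))
    print("tagged input accepted:", is_accepted(TAGGED_PARAMS))
```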
{ "nvd_published_at": "2014-10-27T01:55:00Z", "cwe_ids": [ "CWE-20", "CWE-94" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-01-15T20:50:34Z" }