[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2021-40323":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":62,"aliases":63,"duplicate_of":9,"upstream":66,"downstream":67,"duplicates":78,"related":79,"reserved_at":9,"published_at":83,"modified_at":84,"state":85,"summary":86,"references_raw":94,"kevs":129,"epss":130,"epss_history":133,"metrics":329,"affected":343},"CVE-2021-40323","Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-94","Improper Control of Generation of Code ('Code Injection')","The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.","weakness","Draft","Base","Medium",[20,24,58],{"id":21,"name":22,"techniques":23},"CAPEC-242","Code Injection",[],{"id":25,"name":26,"techniques":27},"CAPEC-35","Leverage Executable Code in Non-Executable Files",[28,39,46],{"id":29,"name":30,"tactics":31,"countermeasures":38},"T1027.006","HTML Smuggling",[32,35],{"id":33,"name":34},"TA0030","Defense Evasion",{"id":36,"name":37},"TA0005","Stealth",[],{"id":40,"name":41,"tactics":42,"countermeasures":45},"T1027.009","Embedded Payloads",[43,44],{"id":33,"name":34},{"id":36,"name":37},[],{"id":47,"name":48,"tactics":49,"countermeasures":52},"T1564.009","Resource Forking",[50,51],{"id":33,"name":34},{"id":36,"name":37},[53],{"id":54,"name":55,"tactic":56},"D3-FFV","File Format Verification",{"name":57},"Isolate",{"id":59,"name":60,"techniques":61},"CAPEC-77","Manipulating User-Controlled Variables",[],[],[64,65],"GHSA-cpqf-3c3r-c9g2","PYSEC-2021-373",[],[68,70,72,74,76],{"_key":69},"SUSE-SU-2021:3151-1",{"_key":71},"SUSE-RU-2021:3162-1",{"_key":73},"SUSE-SU-2021:3170-1",{"_key":75},"UBUNTU-CVE-2021-40323",{"_key":77},"USN-6475-1",[],[80,81,82],{"_key":69},{"_key":71},{"_key":73},"2021-10-04T05:37:50.000Z","2024-08-04T02:27:31.884Z","Modified",{"cisa_kev":87,"cisa_ransomware":87,"cisa_vendor":9,"epss_severity":88,"epss_score":89,"severity":88,"severity_score":90,"severity_version":91,"severity_source":92,"severity_vector":93,"severity_status":85},false,"critical",0.93171,9.8,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[95,106,111,116,120,125],{"url":96,"sources":97,"tags":100},"https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a",[98,92,99],"cve.org","osv_pypi",[101,102,103,104,105],"X Refsource MISC","Patch","Third Party Advisory","WEB","FIX",{"url":107,"sources":108,"tags":109},"https://github.com/cobbler/cobbler/releases/tag/v3.3.0",[98,92,99],[101,110,103,104],"Product",{"url":112,"sources":113,"tags":114},"https://nvd.nist.gov/vuln/detail/CVE-2021-40323",[99],[115],"Advisory",{"url":117,"sources":118,"tags":119},"https://github.com/advisories/GHSA-cpqf-3c3r-c9g2",[99],[115],{"url":121,"sources":122,"tags":123},"https://github.com/cobbler/cobbler",[99],[124],"PACKAGE",{"url":126,"sources":127,"tags":128},"https://github.com/pypa/advisory-database/tree/main/vulns/cobbler/PYSEC-2021-373.yaml",[99],[104],[],{"date":131,"score":89,"percentile":132},"2026-06-04",0.99805,[134,138,141,144,146,148,150,152,154,156,158,160,162,164,166,170,172,174,178,180,183,186,188,190,193,196,198,200,203,205,207,209,211,213,215,217,219,222,224,226,228,230,232,234,236,238,240,242,244,246,248,250,252,254,256,258,260,262,264,266,268,270,272,274,276,278,280,282,284,286,288,290,292,294,296,298,300,302,304,306,308,310,312,314,316,318,320,322,324,326],{"date":135,"score":136,"percentile":137},"2025-11-04",0.93927,0.99869,{"date":139,"score":136,"percentile":140},"2025-11-05",0.9987,{"date":142,"score":136,"percentile":143},"2025-11-06",0.99871,{"date":145,"score":136,"percentile":140},"2025-11-07",{"date":147,"score":136,"percentile":140},"2025-11-08",{"date":149,"score":136,"percentile":140},"2025-11-09",{"date":151,"score":136,"percentile":140},"2025-11-10",{"date":153,"score":136,"percentile":140},"2025-11-11",{"date":155,"score":136,"percentile":140},"2025-11-12",{"date":157,"score":136,"percentile":140},"2025-11-13",{"date":159,"score":136,"percentile":140},"2025-11-14",{"date":161,"score":136,"percentile":143},"2025-11-15",{"date":163,"score":136,"percentile":140},"2025-11-16",{"date":165,"score":136,"percentile":140},"2025-11-17",{"date":167,"score":168,"percentile":169},"2025-11-18",0.92281,0.99784,{"date":171,"score":168,"percentile":169},"2025-11-19",{"date":173,"score":168,"percentile":169},"2025-11-20",{"date":175,"score":176,"percentile":177},"2025-11-21",0.93459,0.9981,{"date":179,"score":176,"percentile":177},"2025-11-22",{"date":181,"score":176,"percentile":182},"2025-11-23",0.99809,{"date":184,"score":89,"percentile":185},"2025-11-24",0.99782,{"date":187,"score":89,"percentile":185},"2025-11-25",{"date":189,"score":89,"percentile":185},"2025-11-26",{"date":191,"score":89,"percentile":192},"2025-11-27",0.99781,{"date":194,"score":89,"percentile":195},"2025-11-28",0.9978,{"date":197,"score":89,"percentile":192},"2025-11-29",{"date":199,"score":89,"percentile":195},"2025-11-30",{"date":201,"score":202,"percentile":185},"2025-12-01",0.93126,{"date":204,"score":202,"percentile":185},"2025-12-02",{"date":206,"score":202,"percentile":192},"2025-12-03",{"date":208,"score":89,"percentile":192},"2025-12-04",{"date":210,"score":89,"percentile":195},"2025-12-05",{"date":212,"score":89,"percentile":195},"2025-12-06",{"date":214,"score":89,"percentile":192},"2025-12-07",{"date":216,"score":89,"percentile":185},"2025-12-08",{"date":218,"score":89,"percentile":185},"2025-12-09",{"date":220,"score":89,"percentile":221},"2025-12-10",0.99783,{"date":223,"score":89,"percentile":185},"2025-12-11",{"date":225,"score":89,"percentile":185},"2025-12-12",{"date":227,"score":89,"percentile":185},"2025-12-13",{"date":229,"score":89,"percentile":221},"2025-12-14",{"date":231,"score":89,"percentile":221},"2025-12-15",{"date":233,"score":89,"percentile":221},"2025-12-16",{"date":235,"score":89,"percentile":221},"2025-12-17",{"date":237,"score":89,"percentile":185},"2025-12-18",{"date":239,"score":89,"percentile":185},"2025-12-19",{"date":241,"score":89,"percentile":185},"2025-12-20",{"date":243,"score":89,"percentile":185},"2025-12-21",{"date":245,"score":89,"percentile":185},"2025-12-22",{"date":247,"score":89,"percentile":185},"2025-12-23",{"date":249,"score":89,"percentile":185},"2025-12-24",{"date":251,"score":89,"percentile":192},"2025-12-25",{"date":253,"score":89,"percentile":192},"2025-12-26",{"date":255,"score":89,"percentile":195},"2025-12-27",{"date":257,"score":89,"percentile":195},"2025-12-28",{"date":259,"score":89,"percentile":195},"2025-12-29",{"date":261,"score":89,"percentile":195},"2025-12-30",{"date":263,"score":89,"percentile":195},"2025-12-31",{"date":265,"score":202,"percentile":185},"2026-01-01",{"date":267,"score":202,"percentile":185},"2026-01-02",{"date":269,"score":202,"percentile":185},"2026-01-03",{"date":271,"score":89,"percentile":195},"2026-01-04",{"date":273,"score":89,"percentile":195},"2026-01-05",{"date":275,"score":89,"percentile":195},"2026-01-06",{"date":277,"score":89,"percentile":195},"2026-01-07",{"date":279,"score":89,"percentile":195},"2026-01-08",{"date":281,"score":89,"percentile":195},"2026-01-09",{"date":283,"score":89,"percentile":192},"2026-01-10",{"date":285,"score":89,"percentile":192},"2026-01-11",{"date":287,"score":89,"percentile":185},"2026-01-12",{"date":289,"score":89,"percentile":185},"2026-01-13",{"date":291,"score":89,"percentile":185},"2026-01-14",{"date":293,"score":89,"percentile":221},"2026-01-15",{"date":295,"score":89,"percentile":221},"2026-01-16",{"date":297,"score":89,"percentile":169},"2026-01-17",{"date":299,"score":89,"percentile":221},"2026-01-18",{"date":301,"score":89,"percentile":221},"2026-01-19",{"date":303,"score":89,"percentile":185},"2026-01-20",{"date":305,"score":89,"percentile":221},"2026-01-21",{"date":307,"score":89,"percentile":221},"2026-01-22",{"date":309,"score":89,"percentile":221},"2026-01-23",{"date":311,"score":89,"percentile":221},"2026-01-24",{"date":313,"score":89,"percentile":221},"2026-01-25",{"date":315,"score":89,"percentile":221},"2026-01-26",{"date":317,"score":89,"percentile":221},"2026-01-27",{"date":319,"score":89,"percentile":221},"2026-01-28",{"date":321,"score":89,"percentile":221},"2026-01-29",{"date":323,"score":89,"percentile":169},"2026-01-30",{"date":325,"score":89,"percentile":169},"2026-01-31",{"date":327,"score":202,"percentile":328},"2026-02-01",0.99785,[330,338],{"source":92,"cvss_v2_0":331,"cvss_v3_0":9,"cvss_v3_1":336,"cvss_v4_0":9},{"baseScore":332,"baseSeverity":9,"vectorString":333,"impactScore":334,"exploitabilityScore":335},7.5,"AV:N/AC:L/Au:N/C:P/I:P/A:P",6.4,10,{"baseScore":90,"baseSeverity":337,"vectorString":93,"impactScore":90,"exploitabilityScore":335},"CRITICAL",{"source":99,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":339,"cvss_v4_0":340},{"baseScore":90,"baseSeverity":9,"vectorString":93,"impactScore":90,"exploitabilityScore":335},{"baseScore":341,"baseSeverity":9,"vectorString":342,"impactScore":9,"exploitabilityScore":9},9.3,"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",[344,355],{"ecosystem":9,"name":345,"vendor":346,"product":345,"cpe_part":347,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":348},"cobbler","cobbler_project","a",[349],{"version":350,"is_range":351,"range_type":352,"version_start":9,"version_start_type":9,"version_end":353,"version_end_type":354,"fixed_in":9},"lte3.3.0",true,"cpe","3.3.0","including",{"ecosystem":356,"name":345,"vendor":356,"product":345,"cpe_part":9,"purl_type":357,"purl_namespace":9,"purl_name":345,"source":9,"versions":358},"PyPI","pypi",[359,364],{"version":360,"is_range":351,"range_type":361,"version_start":9,"version_start_type":9,"version_end":362,"version_end_type":363,"fixed_in":9},"ltd8f60bbf14a838c8c8a1dba98086b223e35fe70a","ecosystem","d8f60bbf14a838c8c8a1dba98086b223e35fe70a","excluding",{"version":365,"is_range":351,"range_type":361,"version_start":9,"version_start_type":9,"version_end":353,"version_end_type":363,"fixed_in":9},"lt3_3_0"]