Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

Related vulnerabilities

PYSEC-2021-72

Vulnerability from pysec - Published: 2021-01-08 12:15 - Updated: 2021-01-12 19:55
VLAI?
Details

This affects the package pwntools before 4.3.1. The shellcraft generator for affected versions of this module are vulnerable to Server-Side Template Injection (SSTI), which can lead to remote code execution.

Impacted products
Name purl
pwntools pkg:pypi/pwntools
Aliases
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "pwntools",
        "purl": "pkg:pypi/pwntools"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.3.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.0",
        "2.1.0",
        "2.1.1",
        "2.1.2",
        "2.1.3",
        "2.2",
        "3.0.0",
        "3.0.1",
        "3.0.2",
        "3.0.4",
        "3.1.0b0",
        "3.1.0b1",
        "3.1.0b2",
        "3.1.0b3",
        "3.1.0",
        "3.1.1",
        "3.2.0b0",
        "3.2.0b2",
        "3.2.0b3",
        "3.2.0b4",
        "3.2.0b5",
        "3.2.0",
        "3.2.1",
        "3.3.0b0",
        "3.3.0",
        "3.3.1",
        "3.3.2",
        "3.3.3",
        "3.3.4",
        "3.4.0b0",
        "3.4.0b1",
        "3.4.0b2",
        "3.4.0b3",
        "3.4.0b4",
        "3.4.0",
        "3.4.1",
        "3.5.0b0",
        "3.5.0b1",
        "3.5.0",
        "3.5.1",
        "3.6.0b0",
        "3.6.0b1",
        "3.6.0",
        "3.6.1",
        "3.7.0b0",
        "3.7.0b1",
        "3.7.0",
        "3.7.1",
        "3.8.0b0",
        "3.8.0b1",
        "3.8.0",
        "3.9.0b0",
        "3.9.0",
        "3.9.1",
        "3.9.2",
        "3.9.3",
        "3.10.0b0",
        "3.10.0b1",
        "3.10.0b2",
        "3.10.0",
        "3.11.0b0",
        "3.11.0",
        "3.12.0b0",
        "3.12.0",
        "3.12.1",
        "3.12.2",
        "3.13.0b0",
        "3.13.0",
        "4.0.0b0",
        "4.0.0",
        "4.0.1",
        "4.1.0b0",
        "4.1.0",
        "4.1.1",
        "4.1.2",
        "4.1.3",
        "4.1.4",
        "4.1.5",
        "4.1.6",
        "4.1.7",
        "4.2.0b0",
        "4.2.0",
        "4.2.1",
        "4.2.2",
        "4.3.0b0",
        "4.3.0"
      ]
    }
  ],
  "aliases": [
    "CVE-2020-28468",
    "SNYK-PYTHON-PWNTOOLS-1047345",
    "GHSA-7xc5-ggpp-g249"
  ],
  "details": "This affects the package pwntools before 4.3.1. The shellcraft generator for affected versions of this module are vulnerable to Server-Side Template Injection (SSTI), which can lead to remote code execution.",
  "id": "PYSEC-2021-72",
  "modified": "2021-01-12T19:55:00Z",
  "published": "2021-01-08T12:15:00Z",
  "references": [
    {
      "type": "REPORT",
      "url": "https://github.com/Gallopsled/pwntools/issues/1427"
    },
    {
      "type": "ADVISORY",
      "url": "https://snyk.io/vuln/SNYK-PYTHON-PWNTOOLS-1047345"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Gallopsled/pwntools/pull/1732"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-7xc5-ggpp-g249"
    }
  ]
}