2 vulnerabilities by pwntools_project
CVE-2020-28468 (GCVE-0-2020-28468)
Vulnerability from nvd – Published: 2021-01-08 11:20 – Updated: 2024-09-16 23:22
VLAI
Title
Improper Control of Generation of Code ('Code Injection')
Summary
This affects the package pwntools before 4.3.1. The shellcraft generator in affected versions of this module is vulnerable to Server-Side Template Injection (SSTI), which can lead to remote code execution.
Severity
CWE
- Improper Control of Generation of Code ('Code Injection')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://snyk.io/vuln/SNYK-PYTHON-PWNTOOLS-1047345 | x_refsource_MISC |
| https://github.com/Gallopsled/pwntools/issues/1427 | x_refsource_MISC |
| https://github.com/Gallopsled/pwntools/pull/1732 | x_refsource_MISC |
Impacted products
Date Public
2021-01-08 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:40:58.911Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-PYTHON-PWNTOOLS-1047345"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Gallopsled/pwntools/issues/1427"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Gallopsled/pwntools/pull/1732"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pwntools",
"vendor": "n/a",
"versions": [
{
"lessThan": "4.3.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Arusekk"
}
],
"datePublic": "2021-01-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "This affects the package pwntools before 4.3.1. The shellcraft generator for affected versions of this module are vulnerable to Server-Side Template Injection (SSTI), which can lead to remote code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.7,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-08T11:20:13.000Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-PYTHON-PWNTOOLS-1047345"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Gallopsled/pwntools/issues/1427"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Gallopsled/pwntools/pull/1732"
}
],
"title": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2021-01-08T11:16:01.591316Z",
"ID": "CVE-2020-28468",
"STATE": "PUBLIC",
"TITLE": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pwntools",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.3.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Arusekk"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This affects the package pwntools before 4.3.1. The shellcraft generator for affected versions of this module are vulnerable to Server-Side Template Injection (SSTI), which can lead to remote code execution."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-PYTHON-PWNTOOLS-1047345",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-PYTHON-PWNTOOLS-1047345"
},
{
"name": "https://github.com/Gallopsled/pwntools/issues/1427",
"refsource": "MISC",
"url": "https://github.com/Gallopsled/pwntools/issues/1427"
},
{
"name": "https://github.com/Gallopsled/pwntools/pull/1732",
"refsource": "MISC",
"url": "https://github.com/Gallopsled/pwntools/pull/1732"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2020-28468",
"datePublished": "2021-01-08T11:20:13.794Z",
"dateReserved": "2020-11-12T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:22:02.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-28468 (GCVE-0-2020-28468)
Vulnerability from cvelistv5 – Published: 2021-01-08 11:20 – Updated: 2024-09-16 23:22
VLAI
Title
Improper Control of Generation of Code ('Code Injection')
Summary
This affects the package pwntools before 4.3.1. The shellcraft generator in affected versions of this module is vulnerable to Server-Side Template Injection (SSTI), which can lead to remote code execution.
Severity
CWE
- Improper Control of Generation of Code ('Code Injection')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://snyk.io/vuln/SNYK-PYTHON-PWNTOOLS-1047345 | x_refsource_MISC |
| https://github.com/Gallopsled/pwntools/issues/1427 | x_refsource_MISC |
| https://github.com/Gallopsled/pwntools/pull/1732 | x_refsource_MISC |
Impacted products
Date Public
2021-01-08 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:40:58.911Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-PYTHON-PWNTOOLS-1047345"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Gallopsled/pwntools/issues/1427"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Gallopsled/pwntools/pull/1732"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pwntools",
"vendor": "n/a",
"versions": [
{
"lessThan": "4.3.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Arusekk"
}
],
"datePublic": "2021-01-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "This affects the package pwntools before 4.3.1. The shellcraft generator for affected versions of this module are vulnerable to Server-Side Template Injection (SSTI), which can lead to remote code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.7,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-08T11:20:13.000Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-PYTHON-PWNTOOLS-1047345"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Gallopsled/pwntools/issues/1427"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Gallopsled/pwntools/pull/1732"
}
],
"title": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2021-01-08T11:16:01.591316Z",
"ID": "CVE-2020-28468",
"STATE": "PUBLIC",
"TITLE": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pwntools",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.3.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Arusekk"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This affects the package pwntools before 4.3.1. The shellcraft generator for affected versions of this module are vulnerable to Server-Side Template Injection (SSTI), which can lead to remote code execution."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-PYTHON-PWNTOOLS-1047345",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-PYTHON-PWNTOOLS-1047345"
},
{
"name": "https://github.com/Gallopsled/pwntools/issues/1427",
"refsource": "MISC",
"url": "https://github.com/Gallopsled/pwntools/issues/1427"
},
{
"name": "https://github.com/Gallopsled/pwntools/pull/1732",
"refsource": "MISC",
"url": "https://github.com/Gallopsled/pwntools/pull/1732"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2020-28468",
"datePublished": "2021-01-08T11:20:13.794Z",
"dateReserved": "2020-11-12T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:22:02.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}