Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
1 vulnerability by pwntools_project
CVE-2020-28468 (GCVE-0-2020-28468)
Vulnerability from cvelistv5 – Published: 2021-01-08 11:20 – Updated: 2024-09-16 23:22
VLAI
Title
Improper Control of Generation of Code ('Code Injection')
Summary
This affects the package pwntools before 4.3.1. The shellcraft generator for affected versions of this module are vulnerable to Server-Side Template Injection (SSTI), which can lead to remote code execution.
Severity
CWE
- Improper Control of Generation of Code ('Code Injection')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://snyk.io/vuln/SNYK-PYTHON-PWNTOOLS-1047345 | x_refsource_MISC |
| https://github.com/Gallopsled/pwntools/issues/1427 | x_refsource_MISC |
| https://github.com/Gallopsled/pwntools/pull/1732 | x_refsource_MISC |
Impacted products
Date Public
2021-01-08 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:40:58.911Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-PYTHON-PWNTOOLS-1047345"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Gallopsled/pwntools/issues/1427"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Gallopsled/pwntools/pull/1732"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pwntools",
"vendor": "n/a",
"versions": [
{
"lessThan": "4.3.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Arusekk"
}
],
"datePublic": "2021-01-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "This affects the package pwntools before 4.3.1. The shellcraft generator for affected versions of this module are vulnerable to Server-Side Template Injection (SSTI), which can lead to remote code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.7,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-08T11:20:13.000Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-PYTHON-PWNTOOLS-1047345"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Gallopsled/pwntools/issues/1427"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Gallopsled/pwntools/pull/1732"
}
],
"title": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2021-01-08T11:16:01.591316Z",
"ID": "CVE-2020-28468",
"STATE": "PUBLIC",
"TITLE": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pwntools",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.3.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Arusekk"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This affects the package pwntools before 4.3.1. The shellcraft generator for affected versions of this module are vulnerable to Server-Side Template Injection (SSTI), which can lead to remote code execution."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-PYTHON-PWNTOOLS-1047345",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-PYTHON-PWNTOOLS-1047345"
},
{
"name": "https://github.com/Gallopsled/pwntools/issues/1427",
"refsource": "MISC",
"url": "https://github.com/Gallopsled/pwntools/issues/1427"
},
{
"name": "https://github.com/Gallopsled/pwntools/pull/1732",
"refsource": "MISC",
"url": "https://github.com/Gallopsled/pwntools/pull/1732"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2020-28468",
"datePublished": "2021-01-08T11:20:13.794Z",
"dateReserved": "2020-11-12T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:22:02.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}