Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    Related vulnerabilities

    PYSEC-2021-72

    Vulnerability from pysec - Published: 2021-01-08 12:15 - Updated: 2021-01-12 19:55
    VLAI
    Details

    This affects the package pwntools before 4.3.1. The shellcraft generator for affected versions of this module are vulnerable to Server-Side Template Injection (SSTI), which can lead to remote code execution.

    Impacted products
    Name purl
    pwntools pkg:pypi/pwntools

    {
      "affected": [
        {
          "package": {
            "ecosystem": "PyPI",
            "name": "pwntools",
            "purl": "pkg:pypi/pwntools"
          },
          "ranges": [
            {
              "events": [
                {
                  "introduced": "0"
                },
                {
                  "fixed": "4.3.1"
                }
              ],
              "type": "ECOSYSTEM"
            }
          ],
          "versions": [
            "2.0",
            "2.1.0",
            "2.1.1",
            "2.1.2",
            "2.1.3",
            "2.2",
            "3.0.0",
            "3.0.1",
            "3.0.2",
            "3.0.4",
            "3.1.0b0",
            "3.1.0b1",
            "3.1.0b2",
            "3.1.0b3",
            "3.1.0",
            "3.1.1",
            "3.2.0b0",
            "3.2.0b2",
            "3.2.0b3",
            "3.2.0b4",
            "3.2.0b5",
            "3.2.0",
            "3.2.1",
            "3.3.0b0",
            "3.3.0",
            "3.3.1",
            "3.3.2",
            "3.3.3",
            "3.3.4",
            "3.4.0b0",
            "3.4.0b1",
            "3.4.0b2",
            "3.4.0b3",
            "3.4.0b4",
            "3.4.0",
            "3.4.1",
            "3.5.0b0",
            "3.5.0b1",
            "3.5.0",
            "3.5.1",
            "3.6.0b0",
            "3.6.0b1",
            "3.6.0",
            "3.6.1",
            "3.7.0b0",
            "3.7.0b1",
            "3.7.0",
            "3.7.1",
            "3.8.0b0",
            "3.8.0b1",
            "3.8.0",
            "3.9.0b0",
            "3.9.0",
            "3.9.1",
            "3.9.2",
            "3.9.3",
            "3.10.0b0",
            "3.10.0b1",
            "3.10.0b2",
            "3.10.0",
            "3.11.0b0",
            "3.11.0",
            "3.12.0b0",
            "3.12.0",
            "3.12.1",
            "3.12.2",
            "3.13.0b0",
            "3.13.0",
            "4.0.0b0",
            "4.0.0",
            "4.0.1",
            "4.1.0b0",
            "4.1.0",
            "4.1.1",
            "4.1.2",
            "4.1.3",
            "4.1.4",
            "4.1.5",
            "4.1.6",
            "4.1.7",
            "4.2.0b0",
            "4.2.0",
            "4.2.1",
            "4.2.2",
            "4.3.0b0",
            "4.3.0"
          ]
        }
      ],
      "aliases": [
        "CVE-2020-28468",
        "SNYK-PYTHON-PWNTOOLS-1047345",
        "GHSA-7xc5-ggpp-g249"
      ],
      "details": "This affects the package pwntools before 4.3.1. The shellcraft generator for affected versions of this module are vulnerable to Server-Side Template Injection (SSTI), which can lead to remote code execution.",
      "id": "PYSEC-2021-72",
      "modified": "2021-01-12T19:55:00Z",
      "published": "2021-01-08T12:15:00Z",
      "references": [
        {
          "type": "REPORT",
          "url": "https://github.com/Gallopsled/pwntools/issues/1427"
        },
        {
          "type": "ADVISORY",
          "url": "https://snyk.io/vuln/SNYK-PYTHON-PWNTOOLS-1047345"
        },
        {
          "type": "WEB",
          "url": "https://github.com/Gallopsled/pwntools/pull/1732"
        },
        {
          "type": "ADVISORY",
          "url": "https://github.com/advisories/GHSA-7xc5-ggpp-g249"
        }
      ]
    }