Опубликовано: 20 апр. 2021
Источник: github
Github: Прошло ревью
CVSS4: 9.3
CVSS3: 9.8
Описание
pwntools Server-Side Template Injection (SSTI) vulnerability
This affects the package pwntools before 4.3.1. The shellcraft generator for affected versions of this module are vulnerable to Server-Side Template Injection (SSTI), which can lead to remote code execution.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2020-28468
- https://github.com/Gallopsled/pwntools/issues/1427
- https://github.com/Gallopsled/pwntools/pull/1732
- https://github.com/Gallopsled/pwntools/commit/138188eb1c027a2d0ffa4151511c407d3a001660
- https://github.com/advisories/GHSA-7xc5-ggpp-g249
- https://github.com/pypa/advisory-database/tree/main/vulns/pwntools/PYSEC-2021-72.yaml
- https://snyk.io/vuln/SNYK-PYTHON-PWNTOOLS-1047345
Пакеты
Наименование
pwntools
pip
Затронутые версииВерсия исправления
< 4.3.1
4.3.1
Связанные уязвимости
CVSS3: 8.1
nvd
около 5 лет назад
This affects the package pwntools before 4.3.1. The shellcraft generator for affected versions of this module are vulnerable to Server-Side Template Injection (SSTI), which can lead to remote code execution.