Описание
This affects the package pwntools before 4.3.1. The shellcraft generator for affected versions of this module are vulnerable to Server-Side Template Injection (SSTI), which can lead to remote code execution.
Ссылки
- ExploitIssue TrackingThird Party Advisory
- PatchThird Party Advisory
- ExploitPatchThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
- PatchThird Party Advisory
- ExploitPatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.3.1 (исключая)
cpe:2.3:a:pwntools_project:pwntools:*:*:*:*:*:*:*:*
EPSS
Процентиль: 89%
0.04817
Низкий
8.1 High
CVSS3
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-74
Связанные уязвимости
CVSS3: 9.8
github
почти 5 лет назад
pwntools Server-Side Template Injection (SSTI) vulnerability
EPSS
Процентиль: 89%
0.04817
Низкий
8.1 High
CVSS3
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-74