CVE-2020-28468
- Source
- https://cve.org/CVERecord?id=CVE-2020-28468
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-28468.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-28468
- Aliases
-
- GHSA-7xc5-ggpp-g249
- PYSEC-2021-72
- SNYK-PYTHON-PWNTOOLS-1047345
- Related
- Published
- 2021-01-08T12:15:12.687Z
- Modified
- 2025-11-20T11:24:52.900128Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
This affects the package pwntools before 4.3.1. The shellcraft generator for affected versions of this module are vulnerable to Server-Side Template Injection (SSTI), which can lead to remote code execution.
- References
Affected packages
Git / github.com/gallopsled/pwntools
Affected ranges
- Type
- GIT
- Repo
- https://github.com/gallopsled/pwntools
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
2.*
2.1.0
2.1.1
2.1.2
2.1.3
2.2
2.2.0
2.3.0
3.*
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.1.0
3.1.0beta0
3.1.0beta1
3.1.0beta2
3.1.0beta3
3.1.1
3.10.0
3.10.0beta0
3.10.0beta1
3.10.0beta2
3.11.0
3.11.0beta0
3.12.0
3.12.0beta0
3.12.1
3.13.0
3.13.0beta0
3.2.0
3.2.0beta0
3.2.0beta1
3.2.0beta2
3.2.0beta3
3.2.0beta4
3.2.0beta5
3.2.1
3.3.0
3.3.0beta0
3.3.1
3.3.2
3.3.4
3.4.0
3.4.0beta0
3.4.0beta1
3.4.0beta2
3.4.0beta4
3.4.1
3.5.0
3.5.0beta0
3.5.0beta1
3.5.1
3.6.0
3.6.0beta0
3.6.0beta1
3.6.1
3.7.0
3.7.0beta0
3.7.0beta1
3.7.1
3.8.0
3.8.0beta0
3.8.0beta1
3.9.0
3.9.0beta0
3.9.1
3.9.2
4.*
4.0.0
4.0.0beta0
4.0.1
4.1.0
4.1.0beta0
4.1.1
4.1.2
4.1.3
4.1.4
4.1.5
4.1.7
4.2.0
4.2.0beta0
4.2.1
4.2.2
4.3.0
4.3.0beta0