PYSEC-2021-72
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/pwntools/PYSEC-2021-72.yaml
- JSON Data
- https://api.osv.dev/v1/vulns/PYSEC-2021-72
- Aliases
-
- CVE-2020-28468
- GHSA-7xc5-ggpp-g249
- SNYK-PYTHON-PWNTOOLS-1047345
- Published
- 2021-01-08T12:15:00Z
- Modified
- 2023-11-08T04:03:27.563618Z
- Summary
- [none]
- Details
-
This affects the package pwntools before 4.3.1. The shellcraft generator for affected versions of this module are vulnerable to Server-Side Template Injection (SSTI), which can lead to remote code execution.
- References
Affected packages
PyPI / pwntools
Package
- Name
- pwntools
- View open source insights on deps.dev
- Purl
- pkg:pypi/pwntools
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.3.1
Affected versions
2.*
2.0
2.1.0
2.1.1
2.1.2
2.1.3
2.2
3.*
3.0.0
3.0.1
3.0.2
3.0.4
3.1.0b0
3.1.0b1
3.1.0b2
3.1.0b3
3.1.0
3.1.1
3.2.0b0
3.2.0b2
3.2.0b3
3.2.0b4
3.2.0b5
3.2.0
3.2.1
3.3.0b0
3.3.0
3.3.1
3.3.2
3.3.3
3.3.4
3.4.0b0
3.4.0b1
3.4.0b2
3.4.0b3
3.4.0b4
3.4.0
3.4.1
3.5.0b0
3.5.0b1
3.5.0
3.5.1
3.6.0b0
3.6.0b1
3.6.0
3.6.1
3.7.0b0
3.7.0b1
3.7.0
3.7.1
3.8.0b0
3.8.0b1
3.8.0
3.9.0b0
3.9.0
3.9.1
3.9.2
3.9.3
3.10.0b0
3.10.0b1
3.10.0b2
3.10.0
3.11.0b0
3.11.0
3.12.0b0
3.12.0
3.12.1
3.12.2
3.13.0b0
3.13.0
4.*
4.0.0b0
4.0.0
4.0.1
4.1.0b0
4.1.0
4.1.1
4.1.2
4.1.3
4.1.4
4.1.5
4.1.6
4.1.7
4.2.0b0
4.2.0
4.2.1
4.2.2
4.3.0b0
4.3.0