PYSEC-2021-72

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/pwntools/PYSEC-2021-72.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2021-72

Aliases

CVE-2020-28468
GHSA-7xc5-ggpp-g249
SNYK-PYTHON-PWNTOOLS-1047345

Published

2021-01-08T12:15:00Z

Modified

2023-11-08T04:03:27.563618Z

Summary

[none]

Details

This affects the package pwntools before 4.3.1. The shellcraft generator for affected versions of this module are vulnerable to Server-Side Template Injection (SSTI), which can lead to remote code execution.

References

Affected packages

PyPI / pwntools

Package

Name: pwntools; View open source insights on deps.dev
Purl: pkg:pypi/pwntools

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.3.1

Affected versions

2.*

2.0

2.1.0

2.1.1

2.1.2

2.1.3

2.2

3.*

3.0.0

3.0.1

3.0.2

3.0.4

3.1.0b0

3.1.0b1

3.1.0b2

3.1.0b3

3.1.0

3.1.1

3.2.0b0

3.2.0b2

3.2.0b3

3.2.0b4

3.2.0b5

3.2.0

3.2.1

3.3.0b0

3.3.0

3.3.1

3.3.2

3.3.3

3.3.4

3.4.0b0

3.4.0b1

3.4.0b2

3.4.0b3

3.4.0b4

3.4.0

3.4.1

3.5.0b0

3.5.0b1

3.5.0

3.5.1

3.6.0b0

3.6.0b1

3.6.0

3.6.1

3.7.0b0

3.7.0b1

3.7.0

3.7.1

3.8.0b0

3.8.0b1

3.8.0

3.9.0b0

3.9.0

3.9.1

3.9.2

3.9.3

3.10.0b0

3.10.0b1

3.10.0b2

3.10.0

3.11.0b0

3.11.0

3.12.0b0

3.12.0

3.12.1

3.12.2

3.13.0b0

3.13.0

4.*

4.0.0b0

4.0.0

4.0.1

4.1.0b0

4.1.0

4.1.1

4.1.2

4.1.3

4.1.4

4.1.5

4.1.6

4.1.7

4.2.0b0

4.2.0

4.2.1

4.2.2

4.3.0b0

4.3.0

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/pwntools/PYSEC-2021-72.yaml"