cvelist | Snyk | CVELIST:CVE-2020-28468
Jan 08, 2021 - 11:20 a.m.

CVE-2020-28468 Improper Control of Generation of Code ('Code Injection')

2021-01-08 11:20:13
snyk
www.cve.org
pwntools package
code injection
remote code execution
ssti
vulnerability

CVSS3: 8.1
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P

AI Score: 10
Confidence: High

EPSS: 0.033
Percentile: 91.5%

This affects the package pwntools before 4.3.1. The shellcraft generator in affected versions of this module is vulnerable to Server-Side Template Injection (SSTI), which can lead to remote code execution.

CNA Affected

[
  {
    "product": "pwntools",
    "vendor": "n/a",
    "versions": [
      {
        "lessThan": "4.3.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]
