Lucene search
Veracode Vulnerability DatabaseVERACODE:28946HistoryJan 11, 2021 - 6:23 a.m.
Server-Side Template Injection (SSTI)
2021-01-1106:23:12
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
12
pwntools
vulnerability
server-side template injection
arbitrary code
shellcraft
insecure parsing
multiline comment
EPSS
0.033
Percentile
91.5%
pwntools is vulnerable to server-side template injection. An attacker is able to inject and execute arbitrary code via the Shellcraft generation due to insecure parsing of strings that containing end of multiline comment.
Related
nvd
nvd
CVE-2020-28468
2021-01-08 12:15:12
cve
cve
CVE-2020-28468
2021-01-08 12:15:12
github
github
pwntools Server-Side Template Injection (SSTI) vulnerability
2021-04-20 16:13:24
osv
osv
PYSEC-2021-72
2021-01-08 12:15:00
pwntools Server-Side Template Injection (SSTI) vulnerability
2021-04-20 16:13:24
CVE-2020-28468
2021-01-08 12:15:12
prion
prion
Remote code execution
2021-01-08 12:15:00
cvelist
cvelist
CVE-2020-28468 Improper Control of Generation of Code ('Code Injection')
2021-01-08 11:20:13