CVE-2020-28468: pwntools Server-Side Template Injection (SSTI) vulnerability
(updated )
This affects the package pwntools before 4.3.1. The shellcraft generator for affected versions of this module are vulnerable to Server-Side Template Injection (SSTI), which can lead to remote code execution.
References
- github.com/Gallopsled/pwntools
- github.com/Gallopsled/pwntools/commit/138188eb1c027a2d0ffa4151511c407d3a001660
- github.com/Gallopsled/pwntools/issues/1427
- github.com/Gallopsled/pwntools/pull/1732
- github.com/advisories/GHSA-7xc5-ggpp-g249
- github.com/pypa/advisory-database/tree/main/vulns/pwntools/PYSEC-2021-72.yaml
- nvd.nist.gov/vuln/detail/CVE-2020-28468
- snyk.io/vuln/SNYK-PYTHON-PWNTOOLS-1047345
Detect and mitigate CVE-2020-28468 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →