CVE-2020-28468
HIGHpwntools < 4.3.1 - Server-Side Template Injection in Shellcraft Generator
Title source: llmDescription
This affects the package pwntools before 4.3.1. The shellcraft generator for affected versions of this module are vulnerable to Server-Side Template Injection (SSTI), which can lead to remote code execution.
References (3)
Core 3
Core References
Exploit, Patch, Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-PYTHON-PWNTOOLS-1047345
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/Gallopsled/pwntools/issues/1427
Patch, Third Party Advisory x_refsource_misc
https://github.com/Gallopsled/pwntools/pull/1732
Scores
CVSS v3
8.1
EPSS
0.0416
EPSS Percentile
89.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-74
Status
published
Products (2)
pwntools_project/pwntools
< 4.3.1
pypi/pwntools
0 - 4.3.1PyPI
Published
Jan 08, 2021
Tracked Since
Feb 18, 2026