CVE-2020-28468 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	Yes
Type	Arbitrary code execution
Description	This affects the package pwntools before 4.3.1. The shellcraft generator for affected versions of this module are vulnerable to Server-Side Template Injection (SSTI), which can lead to remote code execution.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1419	python-pwntools	4.3.0-2	4.3.1-1	High	Fixed

References
https://snyk.io/vuln/SNYK-PYTHON-PWNTOOLS-1047345 https://github.com/Gallopsled/pwntools/issues/1427 https://github.com/Gallopsled/pwntools/pull/1732 https://github.com/Gallopsled/pwntools/commit/138188eb1c027a2d0ffa4151511c407d3a001660

References

https://snyk.io/vuln/SNYK-PYTHON-PWNTOOLS-1047345
https://github.com/Gallopsled/pwntools/issues/1427
https://github.com/Gallopsled/pwntools/pull/1732
https://github.com/Gallopsled/pwntools/commit/138188eb1c027a2d0ffa4151511c407d3a001660