CVE-2020-28468 - log back

CVE-2020-28468 edited at 08 Jan 2021 13:26:34
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary code execution
Description
+ This affects the package pwntools before 4.3.1. The shellcraft generator for affected versions of this module are vulnerable to Server-Side Template Injection (SSTI), which can lead to remote code execution.
References
+ https://snyk.io/vuln/SNYK-PYTHON-PWNTOOLS-1047345
+ https://github.com/Gallopsled/pwntools/issues/1427
+ https://github.com/Gallopsled/pwntools/pull/1732
+ https://github.com/Gallopsled/pwntools/commit/138188eb1c027a2d0ffa4151511c407d3a001660
Notes
CVE-2020-28468 created at 08 Jan 2021 13:24:22