{"id":"PYSEC-2021-72","details":"This affects the package pwntools before 4.3.1. The shellcraft generator in affected versions of this module is vulnerable to Server-Side Template Injection (SSTI), which can lead to remote code execution.","aliases":["CVE-2020-28468","GHSA-7xc5-ggpp-g249","SNYK-PYTHON-PWNTOOLS-1047345"],"modified":"2023-11-08T04:03:27.563618Z","published":"2021-01-08T12:15:00Z","references":[{"type":"REPORT","url":"https://github.com/Gallopsled/pwntools/issues/1427"},{"type":"ADVISORY","url":"https://snyk.io/vuln/SNYK-PYTHON-PWNTOOLS-1047345"},{"type":"WEB","url":"https://github.com/Gallopsled/pwntools/pull/1732"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-7xc5-ggpp-g249"}],"affected":[{"package":{"name":"pwntools","ecosystem":"PyPI","purl":"pkg:pypi/pwntools"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.3.1"}]}],"versions":["2.0","2.1.0","2.1.1","2.1.2","2.1.3","2.2","3.0.0","3.0.1","3.0.2","3.0.4","3.1.0b0","3.1.0b1","3.1.0b2","3.1.0b3","3.1.0","3.1.1","3.2.0b0","3.2.0b2","3.2.0b3","3.2.0b4","3.2.0b5","3.2.0","3.2.1","3.3.0b0","3.3.0","3.3.1","3.3.2","3.3.3","3.3.4","3.4.0b0","3.4.0b1","3.4.0b2","3.4.0b3","3.4.0b4","3.4.0","3.4.1","3.5.0b0","3.5.0b1","3.5.0","3.5.1","3.6.0b0","3.6.0b1","3.6.0","3.6.1","3.7.0b0","3.7.0b1","3.7.0","3.7.1","3.8.0b0","3.8.0b1","3.8.0","3.9.0b0","3.9.0","3.9.1","3.9.2","3.9.3","3.10.0b0","3.10.0b1","3.10.0b2","3.10.0","3.11.0b0","3.11.0","3.12.0b0","3.12.0","3.12.1","3.12.2","3.13.0b0","3.13.0","4.0.0b0","4.0.0","4.0.1","4.1.0b0","4.1.0","4.1.1","4.1.2","4.1.3","4.1.4","4.1.5","4.1.6","4.1.7","4.2.0b0","4.2.0","4.2.1","4.2.2","4.3.0b0","4.3.0"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/pwntools/PYSEC-2021-72.yaml"}}],"schema_version":"1.7.3"}