Arusekk

#17705 of 53,633
15.2 Total CVSS
Vulnerabilities · 2
Medium: 1
Critical: 1
PT-2024-25694
5.4
2024-05-18
Aiosmtpd · Aiosmtpd · CVE-2024-34083
**Name of the Vulnerable Software and Affected Versions**
aiosmtpd versions prior to 1.4.6

**Description**
The issue concerns servers based on aiosmtpd, which accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This could be exploited by a man-in-the-middle attack.

**Recommendations**
For versions prior to 1.4.6, update to version 1.4.6 to resolve the issue. As a temporary workaround, consider restricting the use of the STARTTLS command to minimize the risk of exploitation.
PT-2021-11536
9.8
2021-01-08
Pwntools · Pwntools · CVE-2020-28468
**Name of the Vulnerable Software and Affected Versions**
pwntools versions prior to 4.3.1

**Description**
The shellcraft generator for affected versions of this module is vulnerable to Server-Side Template Injection (SSTI), which can lead to remote code execution.

**Recommendations**
For versions prior to 4.3.1, update to version 4.3.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the shellcraft generator until a patch is applied.