unzip-bot is a Telegram bot to extract various types of archives. Users could exploit unsanitized inputs to inject malicious commands that are executed through subprocess.Popen with shell=True. Attackers can exploit this vulnerability using a crafted archive name, password, or video name. This vulnerability is fixed in 7.0.3a.
Metrics
Affected Vendors & Products
References
History
Thu, 05 Dec 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Emd115
Emd115 unzip Bot |
|
CPEs | cpe:2.3:a:emd115:unzip_bot:*:*:*:*:*:*:*:* | |
Vendors & Products |
Emd115
Emd115 unzip Bot |
|
Metrics |
ssvc
|
Mon, 02 Dec 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | unzip-bot is a Telegram bot to extract various types of archives. Users could exploit unsanitized inputs to inject malicious commands that are executed through subprocess.Popen with shell=True. Attackers can exploit this vulnerability using a crafted archive name, password, or video name. This vulnerability is fixed in 7.0.3a. | |
Title | unzip-bot Allows Remote Code Execution (RCE) via archive extraction, password prompt, or video upload | |
Weaknesses | CWE-78 | |
References |
| |
Metrics |
cvssV4_0
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-12-02T17:03:22.631Z
Updated: 2024-12-05T16:00:15.371Z
Reserved: 2024-11-25T23:14:36.382Z
Link: CVE-2024-53992
Vulnrichment
Updated: 2024-12-05T15:59:59.668Z
NVD
Status : Received
Published: 2024-12-02T17:15:14.113
Modified: 2024-12-02T17:15:14.113
Link: CVE-2024-53992
Redhat
No data.