CVE-2024-53992

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-53992
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-53992.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-53992
Aliases
  • GHSA-34cg-7f8c-fm5h
Published
2024-12-02T17:15:14Z
Modified
2025-01-08T16:27:11.351366Z
Summary
[none]
Details

unzip-bot is a Telegram bot to extract various types of archives. Users could exploit unsanitized inputs to inject malicious commands that are executed through subprocess.Popen with shell=True. Attackers can exploit this vulnerability using a crafted archive name, password, or video name. This vulnerability is fixed in 7.0.3a.

References

Affected packages

Git / github.com/edm115/unzip-bot

Affected ranges

Type
GIT
Repo
https://github.com/edm115/unzip-bot
Events
Introduced
0 (unknown introduced commit; all previous commits are affected)
Fixed

Affected versions

2.*

2.0

3.*

3.0

4.*

4.0
4.5

5.*

5.0

6.*

6.0
6.2
6.3
6.3.2
6.3.3

7.*

7.0.0a
7.0.0a-herokufix