Lucene search
+L

21 matches found

OSV
OSV
added 2026/07/08 4:16 p.m.5 views

CVE-2026-14967

BBOT's githubworkflows module could be induced to write a downloaded artifact outside its configured output directory: its path-containment check did not resolve .., so a crafted CODEREPOSITORY URL could traverse out of the intended folder. The write is bounded to two directory levels above the...

3.1CVSS6.1AI score
Exploits0References1
NVD
NVD
added 2026/07/08 4:16 p.m.7 views

CVE-2026-14966

BBOT's unarchive module rejects archives containing symlink entries before extraction, but for zip and 7z archives it failed to detect symlinks whose listing carries a DOS-attribute prefix before the unix mode, as produced by legacy versions of p7zip. Such an archive, downloaded and extracted...

3.1CVSS0.00291EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/08 3:3 p.m.8 views

EUVD-2026-42296

BBOT's githubworkflows module could be induced to write a downloaded artifact outside its configured output directory: its path-containment check did not resolve .., so a crafted CODEREPOSITORY URL could traverse out of the intended folder. The write is bounded to two directory levels above the...

3.1CVSS5.9AI score0.00198EPSS
Exploits0References1
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-292 BBOT's various issues in unarchive.py can cause arbitrary file write and RCE

Summary Various issues in bbot's unarchive.py allow a malicious site to cause bbot to write arbitrary files to arbitrary locations. This can be used to achieve Remote Code Execution RCE. Impact A user who uses bbot to scan a malicious webserver may have arbitrary code executed on their system...

9.6CVSS6.1AI score0.00658EPSS
Exploits0References7
OSV
OSV
added 2025/10/27 8:15 p.m.9 views

GHSA-P3V4-C93G-CMHW BBOT's gitlab.py exposes globally configured "gitlab" API key

Summary bbot's gitlab.py sends the user's "gitlab" API key to on-premise GitLab instances. If a user has configured a gitlab.com API key using this mechanism, it may be leaked to an attacker-controlled server. Impact A user with a "gitlab" API key configured who uses bbot to scan a malicious...

4.7CVSS6.6AI score0.00213EPSS
Exploits0References4
Veracode
Veracode
added 2025/10/14 8:58 a.m.8 views

Directory Traversal

bbot is vulnerable to Directory Traversal. The vulnerability is due to gitdumper processing content from remote git repositories without proper sanitization, which allows an attacker to supply a malicious repository that triggers execution of arbitrary commands...

9.6CVSS7.3AI score0.00447EPSS
Exploits0References5Affected Software1
Veracode
Veracode
added 2025/10/13 1:0 p.m.8 views

Arbitrary File Write

bbot is vulnerable to Arbitrary File Write. The vulnerability is due to insufficient sanitization of archive entry paths, and an attacker can craft archive entries with absolute or directory-traversal paths that cause bbot to write arbitrary files to arbitrary locations and achieve remote code...

9.6CVSS8AI score0.00658EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2025/10/10 4:20 p.m.4 views

CVE-2025-10282

BBOT's gitlab module could be abused to disclose a GitLab API key to an attacker controlled server with a malicious formatted git URL...

4.7CVSS6.7AI score0.00213EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/10 4:20 p.m.5 views

CVE-2025-10284

BBOT's unarchive module could be abused by supplying malicious archives files and when extracted can then perform an arbitrary file write, resulting in remote code execution...

9.6CVSS7.8AI score0.00658EPSS
Exploits0References1
OSV
OSV
added 2025/10/09 10:22 p.m.4 views

GHSA-FHW8-8V9P-7JP7 BBOT's various issues in unarchive.py can cause arbitrary file write and RCE

Summary Various issues in bbot's unarchive.py allow a malicious site to cause bbot to write arbitrary files to arbitrary locations. This can be used to achieve Remote Code Execution RCE. Impact A user who uses bbot to scan a malicious webserver may have arbitrary code executed on their system...

9.6CVSS8AI score0.00658EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/10/09 10:22 p.m.5 views

BBOT's various issues in unarchive.py can cause arbitrary file write and RCE

Summary Various issues in bbot's unarchive.py allow a malicious site to cause bbot to write arbitrary files to arbitrary locations. This can be used to achieve Remote Code Execution RCE. Impact A user who uses bbot to scan a malicious webserver may have arbitrary code executed on their system...

9.6CVSS8AI score0.00658EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2025/10/09 4:43 p.m.5 views

Information Exposure

Overview bbot is an OSINT automation for hackers. Affected versions of this package are vulnerable to Information Exposure via gitclone. An attacker can obtain sensitive information by tricking a user into cloning a repository using a specially crafted URL that causes the API key to be sent to an...

5.3CVSS6.5AI score0.00213EPSS
Exploits0References2
Snyk
Snyk
added 2025/10/09 4:42 p.m.4 views

Directory Traversal

Overview bbot is an OSINT automation for hackers. Affected versions of this package are vulnerable to Directory Traversal via gitdumper. An attacker can execute arbitrary commands by crafting a malicious git repository. Details A Directory Traversal attack also known as path traversal aims to...

9.6CVSS7.9AI score0.00447EPSS
Exploits0References2
Snyk
Snyk
added 2025/10/09 4:42 p.m.3 views

Information Exposure

Overview bbot is an OSINT automation for hackers. Affected versions of this package are vulnerable to Information Exposure via the gitlab process. An attacker can obtain sensitive API key information by tricking the system into connecting to a maliciously crafted git URL. Remediation Upgrade bbot...

5.3CVSS6.6AI score0.00213EPSS
Exploits0References2
NVD
NVD
added 2025/10/09 4:15 p.m.6 views

CVE-2025-10283

BBOT's gitdumper module could be abused to execute commands through a malicious git repository...

9.6CVSS0.00447EPSS
Exploits0References1
NVD
NVD
added 2025/10/09 4:15 p.m.15 views

CVE-2025-10281

BBOT's gitclone module could be abused to disclose a GitHub API key to an attacker controlled server with a malicious formatted git URL...

4.7CVSS0.00213EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/09 3:46 p.m.3 views

CVE-2025-10284 Improper Archive Extraction in unarchive Enables RCE

BBOT's unarchive module could be abused by supplying malicious archives files and when extracted can then perform an arbitrary file write, resulting in remote code execution...

9.6CVSS7.8AI score0.00658EPSS
Exploits0References1
CVE
CVE
added 2025/10/09 3:46 p.m.20 views

CVE-2025-10283

BBOT’s gitdumper module is vulnerable due to insufficient sanitization of .git data, enabling Directory Traversal that can lead to Remote Code Execution when processing a malicious git repository. Affected component: bb ot gitdumper.py (processing of .git/config and related index/file handling as...

9.6CVSS6.9AI score0.00447EPSS
Exploits0References1
CVE
CVE
added 2025/10/09 3:46 p.m.23 views

CVE-2025-10282

BBOT's gitlab module exposes GitLab API keys by using a maliciously formatted git URL, leading to information exposure to an attacker-controlled server. Multiple sources (including Red Hat CVE entry and accompanying advisories) describe the issue as a leak of the user’s API key when bb ot process...

4.7CVSS6.3AI score0.00213EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/09 12:0 a.m.12 views

BBOT 安全漏洞

BBOT is a recursive Internet scanner open-sourced by Black Lantern Security. BBOT suffers from a security vulnerability that stems from a maliciously formatted git URL that could lead to the disclosure of GitLab API keys to an attacker-controlled server...

4.7CVSS6.3AI score0.00213EPSS
Exploits0References2
Rows per page
Query Builder