21 matches found
CVE-2026-14967
BBOT's githubworkflows module could be induced to write a downloaded artifact outside its configured output directory: its path-containment check did not resolve .., so a crafted CODEREPOSITORY URL could traverse out of the intended folder. The write is bounded to two directory levels above the...
CVE-2026-14966
BBOT's unarchive module rejects archives containing symlink entries before extraction, but for zip and 7z archives it failed to detect symlinks whose listing carries a DOS-attribute prefix before the unix mode, as produced by legacy versions of p7zip. Such an archive, downloaded and extracted...
EUVD-2026-42296
BBOT's githubworkflows module could be induced to write a downloaded artifact outside its configured output directory: its path-containment check did not resolve .., so a crafted CODEREPOSITORY URL could traverse out of the intended folder. The write is bounded to two directory levels above the...
PYSEC-2026-292 BBOT's various issues in unarchive.py can cause arbitrary file write and RCE
Summary Various issues in bbot's unarchive.py allow a malicious site to cause bbot to write arbitrary files to arbitrary locations. This can be used to achieve Remote Code Execution RCE. Impact A user who uses bbot to scan a malicious webserver may have arbitrary code executed on their system...
GHSA-P3V4-C93G-CMHW BBOT's gitlab.py exposes globally configured "gitlab" API key
Summary bbot's gitlab.py sends the user's "gitlab" API key to on-premise GitLab instances. If a user has configured a gitlab.com API key using this mechanism, it may be leaked to an attacker-controlled server. Impact A user with a "gitlab" API key configured who uses bbot to scan a malicious...
Directory Traversal
bbot is vulnerable to Directory Traversal. The vulnerability is due to gitdumper processing content from remote git repositories without proper sanitization, which allows an attacker to supply a malicious repository that triggers execution of arbitrary commands...
Arbitrary File Write
bbot is vulnerable to Arbitrary File Write. The vulnerability is due to insufficient sanitization of archive entry paths, and an attacker can craft archive entries with absolute or directory-traversal paths that cause bbot to write arbitrary files to arbitrary locations and achieve remote code...
CVE-2025-10282
BBOT's gitlab module could be abused to disclose a GitLab API key to an attacker controlled server with a malicious formatted git URL...
CVE-2025-10284
BBOT's unarchive module could be abused by supplying malicious archives files and when extracted can then perform an arbitrary file write, resulting in remote code execution...
GHSA-FHW8-8V9P-7JP7 BBOT's various issues in unarchive.py can cause arbitrary file write and RCE
Summary Various issues in bbot's unarchive.py allow a malicious site to cause bbot to write arbitrary files to arbitrary locations. This can be used to achieve Remote Code Execution RCE. Impact A user who uses bbot to scan a malicious webserver may have arbitrary code executed on their system...
BBOT's various issues in unarchive.py can cause arbitrary file write and RCE
Summary Various issues in bbot's unarchive.py allow a malicious site to cause bbot to write arbitrary files to arbitrary locations. This can be used to achieve Remote Code Execution RCE. Impact A user who uses bbot to scan a malicious webserver may have arbitrary code executed on their system...
Information Exposure
Overview bbot is an OSINT automation for hackers. Affected versions of this package are vulnerable to Information Exposure via gitclone. An attacker can obtain sensitive information by tricking a user into cloning a repository using a specially crafted URL that causes the API key to be sent to an...
Directory Traversal
Overview bbot is an OSINT automation for hackers. Affected versions of this package are vulnerable to Directory Traversal via gitdumper. An attacker can execute arbitrary commands by crafting a malicious git repository. Details A Directory Traversal attack also known as path traversal aims to...
Information Exposure
Overview bbot is an OSINT automation for hackers. Affected versions of this package are vulnerable to Information Exposure via the gitlab process. An attacker can obtain sensitive API key information by tricking the system into connecting to a maliciously crafted git URL. Remediation Upgrade bbot...
CVE-2025-10283
BBOT's gitdumper module could be abused to execute commands through a malicious git repository...
CVE-2025-10281
BBOT's gitclone module could be abused to disclose a GitHub API key to an attacker controlled server with a malicious formatted git URL...
CVE-2025-10284 Improper Archive Extraction in unarchive Enables RCE
BBOT's unarchive module could be abused by supplying malicious archives files and when extracted can then perform an arbitrary file write, resulting in remote code execution...
CVE-2025-10283
BBOT’s gitdumper module is vulnerable due to insufficient sanitization of .git data, enabling Directory Traversal that can lead to Remote Code Execution when processing a malicious git repository. Affected component: bb ot gitdumper.py (processing of .git/config and related index/file handling as...
CVE-2025-10282
BBOT's gitlab module exposes GitLab API keys by using a maliciously formatted git URL, leading to information exposure to an attacker-controlled server. Multiple sources (including Red Hat CVE entry and accompanying advisories) describe the issue as a leak of the user’s API key when bb ot process...
BBOT 安全漏洞
BBOT is a recursive Internet scanner open-sourced by Black Lantern Security. BBOT suffers from a security vulnerability that stems from a maliciously formatted git URL that could lead to the disclosure of GitLab API keys to an attacker-controlled server...