PyPI package
bbot
pkg:pypi/bbot
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-10284 | Cri | 9.6 | | < 2.7.0 | 2.7.0 | Oct 9, 2025 | BBOT's unarchive module could be abused by supplying malicious archive files that, when extracted, can perform an arbitrary file write, resulting in remote code execution. |
| CVE-2025-10283 | Cri | 9.6 | | < 2.7.0 | 2.7.0 | Oct 9, 2025 | BBOT's gitdumper module could be abused to execute commands through a malicious git repository. |
| CVE-2025-10282 | Med | 4.7 | | < 2.7.2 | 2.7.2 | Oct 9, 2025 | BBOT's gitlab module could be abused to disclose a GitLab API key to an attacker-controlled server with a maliciously formatted git URL. |
| CVE-2025-10281 | Med | 4.7 | | < 2.7.0 | 2.7.0 | Oct 9, 2025 | BBOT's git_clone module could be abused to disclose a GitHub API key to an attacker-controlled server with a maliciously formatted git URL. |