Vulnerability Description
unzip-bot is a Telegram bot to extract various types of archives. Users could exploit unsanitized inputs to inject malicious commands that are executed through subprocess.Popen with shell=True. Attackers can exploit this vulnerability using a crafted archive name, password, or video name. This vulnerability is fixed in 7.0.3a.
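The weakness class described above, shown as an added example (not unzip-bot's code): a user-supplied archive name interpolated into a shell=True command string, next to the argv-list form that never reaches a shell. The stand-in extractor (a Python one-liner that prints its arguments), the "x" subcommand, the function names and the sample filename are all constructed for illustration.

```python
import shlex
import subprocess
import sys

# Stand-in for an extractor binary (assumption): prints each argument it
# receives on its own line, so we can see exactly what the program was given.
ARGV_DUMP = [sys.executable, "-c", "import sys; print('\\n'.join(sys.argv[1:]))"]

# Constructed sample input: a file name carrying a shell metacharacter.
SAMPLE_NAME = "holiday.zip; echo INJECTED"


def run_vulnerable(archive_name):
    """Weak pattern: build one string and hand it to /bin/sh (shell=True)."""
    base = " ".join(shlex.quote(part) for part in ARGV_DUMP)
    cmd = f"{base} x {archive_name}"  # user input lands in shell syntax
    done = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return done.stdout.splitlines()


def run_hardened(archive_name):
    """Fixed pattern: argv list, no shell. '--' ends option parsing so a
    name starting with '-' cannot be read as a flag by tools that honour it."""
    argv = ARGV_DUMP + ["x", "--", archive_name]
    done = subprocess.run(argv, shell=False, capture_output=True, text=True)
    return done.stdout.splitlines()


def run_quoted(archive_name):
    """Fallback when a shell is unavoidable: quote every user-supplied part."""
    base = " ".join(shlex.quote(part) for part in ARGV_DUMP)
    cmd = f"{base} x {shlex.quote(archive_name)}"
    done = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return done.stdout.splitlines()


if __name__ == "__main__":
    # The shell splits the name at ';' and runs the trailing text as a command.
    print("vulnerable:", run_vulnerable(SAMPLE_NAME))
    # The whole name arrives as a single argument; nothing else runs.
    print("hardened:  ", run_hardened(SAMPLE_NAME))
    print("quoted:    ", run_quoted(SAMPLE_NAME))
```

The same applies to every user-controlled field the description lists (archive name, password, video name): each one must be its own argv element or be quoted before it reaches a shell.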
Related Weaknesses (CWE)
References
- https://github.com/EDM115/unzip-bot/commit/5213b693eabb562842cdbf21c1074e91bfa00
- https://github.com/EDM115/unzip-bot/security/advisories/GHSA-34cg-7f8c-fm5h
FAQ
What is CVE-2024-53992?
CVE-2024-53992 is a documented vulnerability. unzip-bot is a Telegram bot to extract various types of archives. Users could exploit unsanitized inputs to inject malicious commands that are executed through subprocess.Popen with shell=True. Attack...
How severe is CVE-2024-53992?
CVSS scoring is not yet available for CVE-2024-53992. Check NVD for updates.
Is there a patch for CVE-2024-53992?
Yes. The vulnerability is fixed in 7.0.3a. See the references section above for the linked commit and the vendor security advisory.