CVE-2021-36711: Octobot mishandles Tentacles upload
(updated )
WebInterface in OctoBot before 0.4.4 allows remote code execution because Tentacles upload is mishandled.
References
- github.com/Drakkar-Software/OctoBot
- github.com/Drakkar-Software/OctoBot/blob/master/CHANGELOG.md
- github.com/Drakkar-Software/OctoBot/blob/master/CHANGELOG.md
- github.com/Drakkar-Software/OctoBot/issues/1966
- github.com/Nwqda/Sashimi-Evil-OctoBot-Tentacle
- github.com/advisories/GHSA-fr75-x856-q6j8
- github.com/pypa/advisory-database/tree/main/vulns/octobot/PYSEC-2022-235.yaml
- nvd.nist.gov/vuln/detail/CVE-2021-36711
- packetstormsecurity.com/files/167721/Sashimi-Evil-OctoBot-Tentacle.html
- www.octobot.online/
Code Behaviors & Features
Detect and mitigate CVE-2021-36711 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →