CVE-2021-36711

Advisory

WebInterface in OctoBot before 0.4.4 allows remote code execution because Tentacles upload is mishandled.

Affected package

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

• https://github.com/advisories/GHSA-fr75-x856-q6j8
• https://nvd.nist.gov/vuln/detail/CVE-2021-36711
• https://github.com/Drakkar-Software/OctoBot/issues/1966
• https://github.com/Drakkar-Software/OctoBot
• https://github.com/Drakkar-Software/OctoBot/blob/master/CHANGELOG.md
• https://github.com/Drakkar-Software/OctoBot/blob/master/CHANGELOG.md#044---2022-06-01
• https://github.com/Nwqda/Sashimi-Evil-OctoBot-Tentacle
• https://github.com/pypa/advisory-database/tree/main/vulns/octobot/PYSEC-2022-235.yaml
• https://packetstormsecurity.com/files/167721/Sashimi-Evil-OctoBot-Tentacle.html
• https://www.octobot.online/
• http://packetstormsecurity.com/files/167780/OctoBot-WebInterface-0.4.3-Remote-Code-Execution.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36711