Nixpkgs Security Tracker

Login with GitHub

Suggestion detail

Dismissed

Permalink CVE-2025-10283

9.6 CRITICAL

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

updated 2 months ago by @LeSuisse Activity log

Created automatic suggestion 4 months ago
@LeSuisse removed package hebbot 2 months ago
@LeSuisse dismissed 2 months ago

Improper .git Sanitization in gitdumper Enables RCE

BBOT's gitdumper module could be abused to execute commands through a malicious git repository.

References

https://blog.blacklanternsecurity.com/p/bbot-security-advisory-gitdumper

Affected products

bbot

=<2.6.1

Software not present in nixpkgs