The vulnerability stems from insufficient sanitization of git repositories downloaded by bbot, specifically within the gitdumper.py and git_clone.py modules. The core of the issue was in the GitDumper.sanitize_config function, which attempted to neutralize malicious entries in a .git/config file using a regex blacklist. This approach was inadequate and could be bypassed, allowing for Remote Code Execution (RCE) through specially crafted git configurations.
The vulnerability also involved the handling of the .git/index file, which could be manipulated to cause an arbitrary file write, also leading to RCE. The patch addresses these issues by removing the flawed sanitize_config function entirely and introducing a new, more robust sanitization function, sanitize_git_repo. This new function does not try to parse the git files at all; instead, it defensively renames the .git/config and .git/index files and the .git/hooks directory, neutralizing any potential threats before any git command that might interpret them (such as git checkout) is executed.

The vulnerable functions are those that were part of the workflow handling the unsanitized repository: the function that performed the insufficient sanitization (sanitize_config), the function that called it (handle_event), and the functions that operated on the repository (git_checkout, clone_git_repository).
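The defensive-rename approach described above, as an added illustration that is not bbot's own sanitize_git_repo code: the function names, the `.quarantined` suffix and the sample dumped repository are assumptions constructed for this example. The point is that nothing in `.git/config`, `.git/index` or `.git/hooks` is parsed or pattern-matched; the entries are simply moved out of the way before any git command runs, and a separate check confirms none of them remain.

```python
import tempfile
from pathlib import Path

# Entries under .git that git itself interprets and that an attacker-controlled
# dump can therefore weaponize. Names are the same ones the advisory lists.
DANGEROUS_ENTRIES = ("config", "index", "hooks")
QUARANTINE_SUFFIX = ".quarantined"  # assumed suffix, not the project's


def sanitize_git_repo(repo_dir: str) -> dict:
    """Rename config, index and hooks inside .git so that a later `git checkout`
    cannot act on their contents. No parsing: whatever they contain, git never
    sees them under their real names. Returns {original_path: renamed_path}."""
    git_dir = Path(repo_dir) / ".git"
    renamed = {}
    if not git_dir.is_dir():
        return renamed
    for name in DANGEROUS_ENTRIES:
        src = git_dir / name
        # is_symlink() covers dangling symlinks, which exists() would miss
        if not (src.exists() or src.is_symlink()):
            continue
        dst = git_dir / f"{name}{QUARANTINE_SUFFIX}"
        n = 1
        while dst.exists() or dst.is_symlink():  # never clobber an earlier quarantine
            dst = git_dir / f"{name}{QUARANTINE_SUFFIX}.{n}"
            n += 1
        src.rename(dst)
        renamed[str(src)] = str(dst)
    return renamed


def is_sanitized(repo_dir: str) -> bool:
    """True when none of the dangerous entries exist under their real names."""
    git_dir = Path(repo_dir) / ".git"
    return not any(
        (git_dir / n).exists() or (git_dir / n).is_symlink() for n in DANGEROUS_ENTRIES
    )


def build_sample_dump(base: str) -> str:
    """Constructed sample: a minimal dumped repo with all three entries present.
    The contents are harmless placeholders; only their presence matters here."""
    repo = Path(base) / "dump"
    (repo / ".git" / "hooks").mkdir(parents=True)
    (repo / ".git" / "config").write_text("[core]\n\trepositoryformatversion = 0\n")
    (repo / ".git" / "index").write_bytes(b"DIRC")  # placeholder, not a real index
    (repo / ".git" / "hooks" / "post-checkout").write_text("#!/bin/sh\necho hook\n")
    (repo / ".git" / "HEAD").write_text("ref: refs/heads/main\n")
    return str(repo)


def demo():
    """Sanitize a constructed dump and report what changed.
    Returns (sanitized_before, renamed_entry_names, sanitized_after, HEAD_kept)."""
    with tempfile.TemporaryDirectory() as tmp:
        repo = build_sample_dump(tmp)
        before = is_sanitized(repo)
        renamed = sanitize_git_repo(repo)
        after = is_sanitized(repo)
        head_kept = (Path(repo) / ".git" / "HEAD").exists()
        return before, sorted(Path(p).name for p in renamed), after, head_kept


if __name__ == "__main__":
    print(demo())
```

The check in `is_sanitized` is the part worth wiring into the pipeline: a caller should refuse to run any git command against the dump unless it returns True, so a future code path that forgets to call the sanitizer fails closed rather than silently reintroducing the bug.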
| Function | File |
|---|---|
| GitDumper.sanitize_config | bbot/modules/gitdumper.py |
| GitDumper.handle_event | bbot/modules/gitdumper.py |
| GitDumper.git_checkout | bbot/modules/gitdumper.py |
| GitClone.clone_git_repository | bbot/modules/git_clone.py |

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| bbot | pip | < 2.7.0 | 2.7.0 |