bbot
python · bbot · Heads-up
bbot unarchive module path traversal risk with old GNU tar
The unarchive module's archive extraction commands perform no code-level validation on extracted file paths, relying entirely on t
19 Jun 2026
python · bbot · Heads-up
bbot docker_pull module vulnerable to authentication token leakage via realm parameter
The docker_pull module uses the realm parameter from a Docker registry's WWW-Authenticate response header as the authentication en
19 Jun 2026
python · bbot · Heads-up
bbot postman_download module path traversal vulnerability
The `postman_download` module in bbot uses the workspace `name` field from the Postman API to construct local directory paths with
19 Jun 2026
python · bbot · Heads-up
bbot github_workflows module symlink path traversal
The `github_workflows` module constructs local directory paths from user-controlled repository names without validating for symlin
19 Jun 2026