Gipsy · Gipsy · CVE-2023-30621
**Name of the Vulnerable Software and Affected Versions**
Gipsy versions prior to 1.3
**Description**
Gipsy is a multi-purpose Discord bot that aims to be modular and user-friendly. When the `!ping` command was given an IP address or hostname, it passed that value straight into a shell command, `ping <IP>`, without verifying that the input was a legitimate IP address or hostname. The command was executed with root permissions, so a crafted argument may lead to arbitrary command injection on the host server.
**Recommendations**
For versions prior to 1.3, upgrade to version 1.3 or later to resolve the issue. As a temporary workaround, consider disabling the `!ping` command until a patch is available. Restrict access to the host machine to minimize the risk of exploitation. Avoid using the `!ping` command with unverified IP or hostname inputs until the issue is resolved.
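To make the weakness in the description and the fix behind the recommendation concrete, the following is an added example written for this page; it is not Gipsy's own code and the function names (`is_valid_ping_target`, `build_ping_command`, `run_ping`, `vulnerable_ping`) are assumptions. It shows the pattern the advisory describes (a user-controlled string interpolated into a shell command) next to a hardened handler that validates the target as a literal IP address or an RFC 1123 hostname and then runs `ping` as an argv list with no shell at all.

```python
import ipaddress
import re
import subprocess
from typing import List, Optional

# RFC 1123 hostname: dot-separated labels of letters, digits and hyphens,
# each 1-63 characters and never starting or ending with a hyphen.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME_RE = re.compile(rf"^(?:{_LABEL}\.)*{_LABEL}\.?$")


def vulnerable_ping(target: str) -> str:
    """The pattern the advisory describes: user input is spliced into a shell
    string, so shell metacharacters in `target` are interpreted by the shell.
    Kept here only for comparison; never call it with untrusted input."""
    return subprocess.run(f"ping -c 1 {target}", shell=True,
                          capture_output=True, text=True, check=False).stdout


def is_valid_ping_target(target: str) -> bool:
    """Accept only a literal IPv4/IPv6 address or an RFC 1123 hostname.

    Everything else (shell metacharacters, whitespace, option-like strings
    beginning with '-', empty or over-long input) is rejected before it can
    reach ping.
    """
    if not target or len(target) > 253:
        return False
    try:
        ipaddress.ip_address(target)  # raises ValueError if not an IP literal
        return True
    except ValueError:
        pass
    return _HOSTNAME_RE.fullmatch(target) is not None


def build_ping_command(target: str, count: int = 1) -> List[str]:
    """Build ping's argv list; raises ValueError for an invalid target."""
    if not is_valid_ping_target(target):
        raise ValueError("refusing to ping an invalid target")
    # An argv list is never re-parsed by a shell, so the target stays a
    # single argument. The validator already rejects leading '-' so the
    # target cannot be mistaken for a ping option either.
    return ["ping", "-c", str(count), target]


def run_ping(target: str, timeout: float = 5.0) -> Optional[str]:
    """Hardened handler: validate, then run ping without a shell.

    Returns ping's stdout, or None if it did not finish within `timeout`.
    """
    argv = build_ping_command(target)
    try:
        proc = subprocess.run(argv, capture_output=True, text=True,
                              timeout=timeout, check=False)
    except subprocess.TimeoutExpired:
        return None
    return proc.stdout


if __name__ == "__main__":
    # Constructed sample inputs: the first three are accepted, the rest rejected.
    for candidate in ["8.8.8.8", "2001:db8::1", "example.com",
                      "example.com;foo", "-f", "a b"]:
        print(f"{candidate!r}: valid={is_valid_ping_target(candidate)}")
```

Two design points are worth stating. First, the argv form alone is not enough: a target such as `-f` would still be handed to `ping` as an option, which is why the validator refuses anything that is not an address or a hostname rather than merely stripping shell characters. Second, none of this removes the need to run the bot as an unprivileged user; input validation limits what `ping` can be asked to do, while dropping root limits what any remaining bug in the bot can do to the host.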