Zarthus

**Name of the Vulnerable Software and Affected Versions** Zarthus IRC Twitter Announcer Bot versions up to 1.1.0 **Description** A critical issue was found in the Zarthus IRC Twitter Announcer Bot, affecting the `get tweets` function of the file `lib/twitterbot/plugins/twitter announcer.rb`. The manipulation of the `tweet` argument leads to command injection. It is possible to initiate the attack remotely. The complexity of an attack is rather high, and the exploitability is difficult. **Recommendations** For Zarthus IRC Twitter Announcer Bot versions up to 1.1.0, upgrade to version 1.1.1 to address this issue. As a temporary workaround, consider restricting access to the `get tweets` function until the patch is applied.