PT-2022-15022 · Unknown · Puddingbot
Happy-Ferret
Published: 2022-01-11
Updated: 2023-08-02
CVE-2022-21669
CVSS v3.1: 9.1 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
PuddingBot versions 0.0.6-b933652 and prior
Description
PuddingBot is a group management bot. In the affected versions, the bot token is publicly exposed in main.py, making it accessible to malicious actors. The bot token has been revoked and a new version is already running on the server. The maintainers are planning to update the code to reflect this change at a later date.
Recommendations
For PuddingBot versions 0.0.6-b933652 and prior, consider updating to a version where the bot token exposure issue has been addressed, once the updated code is available from the maintainers. As a temporary workaround, ensure that access to the main.py file is restricted to minimize the risk of exploitation.
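The weakness behind this advisory is a credential committed as a string literal in source. As an added example (not PuddingBot's code and not the maintainers' fix), the block below shows the vulnerable shape of such an assignment next to a hardened loader that reads the token from the process environment at startup, plus a small source scan a reviewer or CI job could run to flag literal assignments to credential-like names before they reach a repository. The names `load_bot_token` and `find_hardcoded_credentials`, the two `main.py` snippets and the placeholder token value are all constructed for this example.

```python
"""Hard-coded credential: vulnerable shape, hardened loader, and a detector.

Added example; not PuddingBot's code. Function names, sample snippets and the
placeholder token are constructed for illustration.
"""
import os
import re

# Constructed stand-in for a main.py that embeds the token as a literal.
# Everyone who can read the file (a clone, a web view of the repo, a backup)
# obtains a working credential. The value here is a placeholder, not a token.
CONSTRUCTED_MAIN_PY = (
    "import os\n"
    'BOT_TOKEN = "PLACEHOLDER_TOKEN_DO_NOT_COMMIT"  # vulnerable: literal in source\n'
    'ADMIN_NAME = "pudding"\n'
    "def main():\n"
    "    run_bot(BOT_TOKEN)\n"
)

# Constructed stand-in for the hardened form: the token lives only in the
# runtime environment (systemd unit, container secret, shell profile), so the
# repository contains no secret to leak and rotation needs no code change.
HARDENED_MAIN_PY = (
    "import os\n"
    'BOT_TOKEN = os.environ["BOT_TOKEN"]  # fixed: read at runtime\n'
)


def load_bot_token(env=None, var_name="BOT_TOKEN"):
    """Return the bot token from the environment, refusing to start without it.

    `env` defaults to os.environ; it is a parameter only so the function can be
    exercised without touching the real environment.
    """
    source = os.environ if env is None else env
    token = source.get(var_name, "").strip()
    if not token:
        raise RuntimeError(f"{var_name} is not set; refusing to start the bot")
    return token


# Flags `NAME = "literal"` where NAME looks like a credential and the literal
# is at least 8 characters. Reading from os.environ or a config loader does not
# match, which is exactly the remediated shape.
_CREDENTIAL_ASSIGNMENT = re.compile(
    r"^\s*(?P<name>[A-Za-z_][A-Za-z0-9_]*(?:TOKEN|SECRET|PASSWORD|API_KEY)[A-Za-z0-9_]*)"
    r"\s*=\s*(?P<quote>['\"])(?P<value>[^'\"]{8,})(?P=quote)",
    re.IGNORECASE | re.MULTILINE,
)


def find_hardcoded_credentials(source_text):
    """Return a list of (line_number, variable_name) for each literal credential assignment."""
    findings = []
    for match in _CREDENTIAL_ASSIGNMENT.finditer(source_text):
        # Line numbers are 1-based and computed from where the name starts.
        line_number = source_text.count("\n", 0, match.start("name")) + 1
        findings.append((line_number, match.group("name")))
    return findings


if __name__ == "__main__":
    for label, text in (("vulnerable", CONSTRUCTED_MAIN_PY), ("hardened", HARDENED_MAIN_PY)):
        print(label, find_hardcoded_credentials(text))
```

The scan is deliberately narrow (a name that looks like a credential, assigned a quoted literal) so it has few false positives on a small bot project; a dedicated secret scanner adds provider-specific token formats and entropy checks on top of this. Note that once a token has been committed, removing the literal is not enough: the credential must also be revoked, as the advisory reports the maintainers did.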
Exploit
Fix
Weakness Enumeration
Using Hardcoded Credentials
Related Identifiers
Affected Products
Puddingbot