PT-2023-10275 · Unknown · Zarthus Irc Twitter Announcer Bot

Zarthus · Published 2023-03-20 · Updated 2024-05-17 · CVE-2015-10096

CVSS v2.0: 4.6 (Medium)

Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Zarthus IRC Twitter Announcer Bot versions up to 1.1.0

Description

A critical issue was found in the Zarthus IRC Twitter Announcer Bot, affecting the get_tweets function of the file lib/twitterbot/plugins/twitter_announcer.rb. The manipulation of the tweet argument leads to command injection. It is possible to initiate the attack remotely. The complexity of an attack is rather high, and the exploitability is difficult.

Recommendations

For Zarthus IRC Twitter Announcer Bot versions up to 1.1.0, upgrade to version 1.1.1 to address this issue. As a temporary workaround, consider restricting access to the get_tweets function until the patch is applied.

Fix

Command Injection

Weakness Enumeration

Related Identifiers

CVE-2015-10096

Affected Products

Zarthus Irc Twitter Announcer Bot