CVE-2023-30621

Name of the Vulnerable Software and Affected Versions Gipsy versions prior to 1.3

Description Gipsy is a multi-purpose discord bot that aims to be modular and user-friendly. The !ping command, when provided with an IP or hostname, used to run a bash ping <IP> without verification that the IP or hostname was legitimate. This command was executed with root permissions and may lead to arbitrary command injection on the host server.

Recommendations For versions prior to 1.3, upgrade to version 1.3 or later to resolve the issue. As a temporary workaround, consider disabling the !ping command until a patch is available. Restrict access to the host machine to minimize the risk of exploitation. Avoid using the !ping command with unverified IP or hostname inputs until the issue is resolved.