PT-2024-36004 · Unzip-Bot · Unzip-Bot

Edm115 · Published 2024-12-02 · Updated 2024-12-02 · CVE-2024-53992

CVSS v4.0: 8.8 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: unzip-bot versions prior to 7.0.3a
Description: Unsanitized user input reaches subprocess.Popen called with shell=True, so an attacker can inject commands that the shell executes. The injection can be carried by a crafted archive name, password, or video name.
Recommendations: For versions prior to 7.0.3a, update to version 7.0.3a to resolve the issue. As a temporary workaround, consider restricting the use of subprocess.Popen with shell=True until the update is applied. Avoid using crafted archive names, passwords, or video names in the affected bot to minimize the risk of exploitation.
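The hardened form of the pattern named in the description, as an added example that is not unzip-bot's code: it assumes a 7-Zip style command line (7z x -o<dest> -p<password> -- <archive>) and passes each user-controlled value as its own argv entry with shell=False, so a crafted name or password reaches the tool as a literal string rather than shell syntax.

```python
import shlex
import subprocess
import sys
from typing import List, Optional

# Added illustration, not unzip-bot's code. Assumes a 7-Zip style CLI; "--" is
# 7z's end-of-switches marker so an archive named "-x..." cannot become a switch.

def build_extract_argv(archive: str, password: Optional[str], dest: str) -> List[str]:
    """Return an argv list in which each user-controlled value is exactly one argument.

    No shell parses this list, so metacharacters in the archive name or password
    (";", "|", "$(...)", backticks) stay literal characters of that argument.
    """
    if "\x00" in archive or "\x00" in (password or ""):
        raise ValueError("NUL byte in argument")  # Popen would reject it anyway
    argv = ["7z", "x", "-y", f"-o{dest}"]
    if password:
        argv.append(f"-p{password}")
    argv.append("--")
    argv.append(archive)
    return argv


def run_extract(archive: str, password: Optional[str], dest: str) -> subprocess.CompletedProcess:
    """Hardened replacement for Popen(f"7z x -p{password} {archive}", shell=True)."""
    return subprocess.run(build_extract_argv(archive, password, dest),
                          shell=False, capture_output=True, text=True, timeout=600)


def shell_safe_command(argv: List[str]) -> str:
    """If a shell string is unavoidable (e.g. for logging), quote every argument
    with shlex.join instead of interpolating it into a format string."""
    return shlex.join(argv)


def argument_survives_literally(value: str) -> str:
    """Round-trip `value` through a child process as one argv entry and return
    what the child saw. Uses the current interpreter so it runs without 7z."""
    child = subprocess.run(
        [sys.executable, "-c", "import sys; sys.stdout.write(sys.argv[1])", value],
        shell=False, capture_output=True, text=True, check=True)
    return child.stdout


if __name__ == "__main__":
    crafted = "report.zip; echo injected"  # constructed sample of a crafted archive name
    print(build_extract_argv(crafted, "pa$$w0rd", "/tmp/out"))
    print(shell_safe_command(build_extract_argv(crafted, "pa$$w0rd", "/tmp/out")))
    print(repr(argument_survives_literally(crafted)))
```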

Exploit

Fix

OS Command Injection


Weakness Enumeration

Related Identifiers

CVE-2024-53992
GHSA-34CG-7F8C-FM5H

Affected Products

Unzip-Bot