CVE-2021-36711 Information

Description

WebInterface in OctoBot before 0.4.4 allows remote code execution because Tentacles upload is mishandled.

Reference

https://packetstormsecurity.com/files/167721/Sashimi-Evil-OctoBot-Tentacle.html https://github.com/Nwqda/Sashimi-Evil-OctoBot-Tentacle https://github.com/Drakkar-Software/OctoBot/blob/master/CHANGELOG.md https://github.com/Drakkar-Software/OctoBot/issues/1966 https://www.octobot.online/