GHSA-m54h-vhf9-3w3m

Source
https://github.com/advisories/GHSA-m54h-vhf9-3w3m
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/06/GHSA-m54h-vhf9-3w3m/GHSA-m54h-vhf9-3w3m.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-m54h-vhf9-3w3m
Aliases
  • CVE-2026-12568
Published
2026-06-18T15:03:38Z
Modified
2026-06-18T15:17:20.360726641Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Summary
BBOT: Arbitrary File Write in postman_download Module
Details

The postman_download module uses the workspace name field from the Postman API to construct the local directory path without sanitization. If a malicious workspace has a name containing path traversal characters, pathlib resolves the path outside the intended output directory, allowing an attacker to write arbitrary files to the user's system.
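As an added illustration (not code from BBOT or from this advisory), the following is a hypothetical reconstruction of the unsafe pattern the advisory describes next to a hardened version that reduces the workspace name to a safe filename and then verifies the resolved path is still inside the output directory; the function names and the sample output directory are assumptions:

```python
import re
from pathlib import Path

# Hypothetical reconstruction of the flawed pattern (not BBOT's actual
# code): the workspace name from the API goes straight into the path, so
# pathlib happily resolves "../" segments outside the output directory.
def naive_workspace_dir(output_dir, workspace_name: str) -> Path:
    return (Path(output_dir) / workspace_name).resolve()

def escapes_output_dir(output_dir, workspace_name: str) -> bool:
    """True if the naive construction would land outside output_dir."""
    base = Path(output_dir).resolve()
    return not naive_workspace_dir(base, workspace_name).is_relative_to(base)

# Hardened form, step 1: whitelist characters so separators, "..", and
# absolute-path prefixes cannot survive in the directory name.
_UNSAFE = re.compile(r"[^A-Za-z0-9._-]+")

def sanitize_name(workspace_name: str) -> str:
    cleaned = _UNSAFE.sub("_", workspace_name).strip("._")
    return cleaned or "unnamed_workspace"

# Hardened form, step 2: even after sanitization, refuse any resolved path
# that is not inside the base directory (Path.is_relative_to needs 3.9+).
def safe_workspace_dir(output_dir, workspace_name: str) -> Path:
    base = Path(output_dir).resolve()
    candidate = (base / sanitize_name(workspace_name)).resolve()
    if not candidate.is_relative_to(base):
        raise ValueError(f"workspace path escapes output dir: {candidate}")
    return candidate

if __name__ == "__main__":
    out = "/tmp/bbot_output"  # constructed example output directory
    print(escapes_output_dir(out, "../../escaped"))   # True
    print(safe_workspace_dir(out, "../../escaped"))   # .../bbot_output/escaped
```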

Database specific
{
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-18T15:03:38Z",
    "nvd_published_at": "2026-06-17T23:17:03Z",
    "severity": "MODERATE",
    "cwe_ids": [
        "CWE-125",
        "CWE-22",
        "CWE-73"
    ]
}
Affected packages

Package: PyPI / bbot
Affected ranges: type ECOSYSTEM; introduced 2.1.0; fixed 2.8.6

Affected versions


Database specific

source: "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/06/GHSA-m54h-vhf9-3w3m/GHSA-m54h-vhf9-3w3m.json"
last_known_affected_version_range: "<= 2.8.5"