The problem was already reported and [a tentative fix](https://github.com/0xAX/Ybot/issues/61) was proposed but:

- there is [another occurrence of the code it patches](https://github.com/0xAX/Ybot/blob/master/src/transport/http/http_handler.erl#L132)
- it uses double quotes so it doesn't protect much (you can still invoke arbitrary commands in subshells).
- the default install comes with the [ruby.rb](https://github.com/0xAX/Ybot/blob/master/plugins/ruby.rb) plugin which allows arbitrary code execution anyway
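
The double-quote point above, as an added example that is not part of the original report or of the Ybot code base: it compares a value wrapped in double quotes inside a shell command string with the same value passed as an argument or single-quote escaped. The command shape, the function names and the sample input are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed input: a harmless command substitution used as a marker.
SAMPLE='hello $(echo SUBSHELL_RAN)'

# Weak: the value is pasted between double quotes in the command text
# (assumed shape of a double-quote based fix). The inner shell still
# evaluates $(...) and backticks found inside double quotes.
run_double_quoted() {
    sh -c "printf '%s' \"$1\""
}

# Preferred: keep the value out of the command text entirely and hand it
# over as a positional parameter, so the inner shell treats it as data only.
run_as_argument() {
    sh -c 'printf "%s" "$1"' sh "$1"
}

# When a single command string is unavoidable: wrap the value in single
# quotes and rewrite each embedded ' as '\'' so it cannot close the quoting.
# (Command substitution drops trailing newlines from the value.)
sq_escape() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

run_single_quoted() {
    sh -c "printf '%s' $(sq_escape "$1")"
}

# Show the three results side by side for the constructed sample.
printf 'double-quoted : %s\n' "$(run_double_quoted "$SAMPLE")"
printf 'as argument   : %s\n' "$(run_as_argument "$SAMPLE")"
printf 'single-quoted : %s\n' "$(run_single_quoted "$SAMPLE")"
```

Only the double-quoted variant runs the embedded substitution; the other two return the input unchanged.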