T2bot is a Telegram bot framework that enables users to create and manage custom bots for various messaging and automation tasks. Historically, the project has been affected by multiple remote code execution vulnerabilities, cross-site scripting issues, and privilege escalation flaws. These weaknesses often stem from improper input validation and insecure default configurations. While no major public security incidents have been documented, the presence of five CVEs indicates a history of security challenges that require careful implementation and regular updates. Users should apply patches promptly and implement additional security controls when deploying t2bot in production environments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-36402 | Unauthenticated writes to the media repository allow planting of problematic content in Matrix Media Repo — matrix-media-repo, CWE-287 | 5.3 | Medium | 2025-01-16 |
| CVE-2024-36403 | Denial of service/high operating costs through unauthenticated downloads in Matrix Media Repo — matrix-media-repo, CWE-770 | 5.3 | Medium | 2025-01-16 |
| CVE-2024-52602 | Server-Side Request Forgery (SSRF) on redirects and federation in Matrix Media Repo — matrix-media-repo, CWE-918 | 5.0 | Medium | 2025-01-16 |
| CVE-2024-52791 | Denial of service through memory exhaustion in Matrix Media Repo — matrix-media-repo, CWE-789 | 5.3 | Medium | 2025-01-16 |
| CVE-2024-56515 | Untrusted file formats can be thumbnailed, invoking potentially further untrusted decoders in Matrix Media Repo — matrix-media-repo, CWE-502 | 6.8 | Medium | 2025-01-16 |
This page lists every published CVE security advisory associated with t2bot. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.