Calling event.reply with a message such as Hello World\nQUIT causes irc-framework to pass the input straight to the socket layer, which splits its input on newlines. The IRC server therefore receives two lines from the client: PRIVMSG #dev :Hello World and QUIT.
The function responsible for handling replies to events does split messages that exceed the line-length threshold and prepends the appropriate prefix (PRIVMSG #dev in the example above) to each resulting line, but it does not do the same for messages that explicitly contain \n: the embedded newline is forwarded unchanged, so everything after it is sent as a separate, unprefixed IRC command.
This amounts to remote IRC command injection in implementations that pass untrusted data to event.reply: whoever controls the text can make the client send arbitrary IRC commands on its behalf. The simplest example is a bot that fetches the title of a linked web page and replies with it, since the page author controls the title.