Oceanic · Oceanic · CVE-2024-34712
**Name of the Vulnerable Software and Affected Versions**
Oceanic versions prior to 1.10.4
**Description**
The issue arises from the lack of URL-encoding for input to certain functions, such as `Client.rest.channels.removeBan`. This allows specially crafted input, like `../../../channels/{id}`, to be normalized into the URL `/api/v10/channels/{id}`, resulting in unintended actions like deleting a channel instead of removing a ban.
**Recommendations**
For versions prior to 1.10.4, consider updating to version 1.10.4 to resolve the issue.
As a temporary workaround, consider sanitizing user input to ensure strings are valid for their intended use.
Alternatively, encode input with `encodeURIComponent` before providing it to the library.
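The following added example (not Oceanic's own code) reproduces the normalization described above with the standard `URL` class and shows both workarounds: encoding the ID with `encodeURIComponent` and validating it before use. The host name, the route template, the helper names and the 17 to 20 digit snowflake pattern are assumptions made for illustration.

```javascript
// Added example: constructed route builder, not Oceanic's own code.
const API_BASE = "https://discord.example/api/v10"; // placeholder host (assumption)

// Returns the path an HTTP client would request after URL normalization.
function banRoutePath(guildID, userID, { encode }) {
  const segment = encode ? encodeURIComponent(userID) : userID;
  return new URL(`${API_BASE}/guilds/${guildID}/bans/${segment}`).pathname;
}

// Assumption: IDs are Discord snowflakes, i.e. 17 to 20 decimal digits.
const SNOWFLAKE = /^\d{17,20}$/;

function requireSnowflake(value, name) {
  if (typeof value !== "string" || !SNOWFLAKE.test(value)) {
    throw new TypeError(`${name} is not a valid snowflake`);
  }
  return value;
}

// Hypothetical wrapper: validate first, then encode anyway as defence in depth.
function safeBanRoutePath(guildID, userID) {
  return banRoutePath(
    requireSnowflake(guildID, "guildID"),
    requireSnowflake(userID, "userID"),
    { encode: true }
  );
}

// Constructed sample values.
const GUILD = "111111111111111111";
const USER = "222222222222222222";
const CRAFTED = "../../../channels/333333333333333333";

// Unencoded: the dot segments collapse and the request leaves the bans route.
console.log(banRoutePath(GUILD, CRAFTED, { encode: false }));
// Encoded: "/" becomes "%2F", so the value stays inside one path segment.
console.log(banRoutePath(GUILD, CRAFTED, { encode: true }));
// Validated: a well-formed ID passes, the crafted value is rejected.
console.log(safeBanRoutePath(GUILD, USER));
try {
  safeBanRoutePath(GUILD, CRAFTED);
} catch (err) {
  console.log(err.message);
}
```

Validating IDs at the point where user input enters the application rejects malformed values before any request is built, and it remains useful after upgrading to 1.10.4.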