PT-2020-21090 · Discord · Discord.Js-User

Published

2020-09-03

·

Updated

2020-09-03

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions discord.js-user versions (affected versions not specified)
Description The issue concerns malicious code in the discord.js-user package that uploads the user's Discord token to a remote server.
Recommendations Remove the discord.js-user package from your environment. Ensure any compromised tokens are invalidated.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-506

Related Identifiers

GHSA-69R6-7H4F-9P7Q

Affected Products

Discord.Js-User