PT-2021-18233 · Unknown · Discord-Recon
0Xwise64 · Published 2021-04-22 · Updated 2022-10-18 · CVE-2021-29465
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Discord-Recon versions 0.0.3 and prior
Description:
The issue allows a remote attacker to overwrite any file on the system with command results, potentially leading to remote code execution if important system files are overwritten.
Recommendations:
For versions 0.0.3 and prior, as a temporary workaround, bot maintainers can edit their setting.py file and add < and > into the RCE variable to mitigate the issue without an update.
For versions 0.0.3 and prior, update to version 0.0.4 to resolve the issue.
Fix
Code Injection
OS Command Injection
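The effect of the workaround above, as an added example that is not Discord-Recon's own code: a blocklist without < and > lets a redirection through, the extended one rejects it, and an allowlist check (which goes beyond the advisory's workaround) is stricter still. The blocklist contents, the sometool command template, the sample arguments and all function names are assumptions made for illustration.

```python
import re
import shlex

# Assumption: constructed stand-in for the RCE blocklist in setting.py;
# the project's real list is not shown on this page.
RCE_BEFORE = [";", "|", "&", "`", "$", "(", ")"]
RCE_WORKAROUND = RCE_BEFORE + ["<", ">"]  # the advisory's temporary workaround

# Hypothetical allowlist for a hostname-style argument (stricter than a blocklist).
HOSTNAME_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")


def is_blocked(argument, blocklist):
    """True if the user-supplied argument contains any blocklisted token."""
    return any(token in argument for token in blocklist)


def redirect_targets(command_line):
    """File names a POSIX shell would treat as redirection targets."""
    lexer = shlex.shlex(command_line, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    tokens = list(lexer)
    return [tokens[i + 1] for i, tok in enumerate(tokens[:-1])
            if tok in (">", ">>", "<")]


def is_valid_hostname(argument):
    """Allowlist check: accept only characters a hostname can contain."""
    return HOSTNAME_RE.fullmatch(argument) is not None


if __name__ == "__main__":
    # Constructed sample arguments, as a bot user might supply them.
    for arg in ["example.com", "example.com > results.txt"]:
        line = "sometool " + arg  # hypothetical command template
        print(repr(arg),
              "| blocked before:", is_blocked(arg, RCE_BEFORE),
              "| blocked after:", is_blocked(arg, RCE_WORKAROUND),
              "| redirects:", redirect_targets(line),
              "| hostname ok:", is_valid_hostname(arg))
```
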
Affected Products
Discord-Recon