PT-2021-18234 · Unknown · Discord-Recon

Ry0Tak · Published 2021-04-22 · Updated 2021-04-27 · CVE-2021-29466

CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Discord-Recon versions 0.0.3 and prior
Description: Discord-Recon is a bot for the Discord chat service. A remote attacker can read local files from the server, disclosing important information.
Recommendations: For versions 0.0.3 and prior, as a temporary workaround, a bot maintainer can locate the file app.py and add .replace('..','') into the Path variable inside of the recon function. Update to version 0.0.4 to resolve the issue.
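
Alongside the string replacement described in the workaround, a file-serving handler can check that the resolved path stays inside the directory it is meant to serve. The following is an added example, not code from Discord-Recon or from version 0.0.4; the function names and the resources/ directory layout are assumptions made for illustration.

```python
import os
import tempfile


def resolve_in_base(base_dir, user_path):
    """Return the real path of user_path if it lies under base_dir, else raise ValueError."""
    if "\x00" in user_path:
        raise ValueError("NUL byte in path")
    base = os.path.realpath(base_dir)
    # realpath collapses '..' segments and follows symlinks before the comparison.
    candidate = os.path.realpath(os.path.join(base, user_path))
    # commonpath compares whole path components, unlike a plain startswith().
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("path escapes base directory")
    return candidate


def is_allowed(base_dir, user_path):
    try:
        resolve_in_base(base_dir, user_path)
        return True
    except ValueError:
        return False


def demo():
    # Constructed layout (hypothetical): <tmp>/resources/wordlist.txt may be served,
    # <tmp>/secret.txt must not be reachable through the handler.
    root = tempfile.mkdtemp()
    base = os.path.join(root, "resources")
    os.mkdir(base)
    outside = os.path.join(root, "secret.txt")
    for name in (os.path.join(base, "wordlist.txt"), outside):
        with open(name, "w") as fh:
            fh.write("sample\n")
    os.symlink(outside, os.path.join(base, "link.txt"))
    return {
        "plain": is_allowed(base, "wordlist.txt"),
        "dotdot": is_allowed(base, "../secret.txt"),
        "absolute": is_allowed(base, outside),
        "symlink": is_allowed(base, "link.txt"),
    }


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case:9s} allowed={allowed}")
```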

Fix

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2021-29466
GHSA-P2PW-8XWF-879G

Affected Products

Discord-Recon