CVE-2021-29502

CVSS v3.1

7.3

High

Vector

AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: WarnSystem versions prior to 1.3.18

Description: A vulnerability has been found in the WarnSystem cog for the Red discord bot, allowing any user to access sensitive information by setting up a specific template that is not properly sanitized.

Recommendations: For versions prior to 1.3.18, update to version 1.3.18 or above and type !warnsysteminfo to check the version. As a temporary workaround, consider unloading the WarnSystem cog or disabling the !warnset description command globally.

Fix

Code Injection

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94CWE-74

Related Identifiers

CVE-2021-29502

GHSA-834G-67VV-M9WQ

Affected Products

Red Discord Bot

Warnsystem

CVE-2021-29502

Weakness Enumeration

Related Identifiers

Affected Products

References · 5