CVE-2021-46701

Name of the Vulnerable Software and Affected Versions PreMiD version 2.2.0

Description The issue allows unintended access via the websocket transport. An attacker can receive events from a socket and emit events to a socket, potentially interfering with a victim's "now playing" status on Discord.

Recommendations For PreMiD version 2.2.0, consider disabling the websocket transport as a temporary workaround until a patch is available. Restrict access to the websocket endpoint to minimize the risk of exploitation. Avoid using the vulnerable websocket transport in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.