PT-2022-23123 · Pypi · Py-Cord
Bobdotcom +1
Published: 2022-08-18
Updated: 2022-12-09
CVE-2022-36024
CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
py-cord version 2.0.0
Description
py-cord is a Python API wrapper for Discord. In version 2.0.0, a bot built on it can be shut down remotely once it has been added to a server (guild) with the applications.commands OAuth2 scope but without the bot scope. In that configuration the application's slash commands are registered in the server while the bot user itself is never joined to it, and the advisory reports that a bot in this state can be shut down remotely. Every public bot that uses slash commands appears to be affected, because the scopes are chosen by whoever opens the authorization URL, not by the bot's operator.
Recommendations
Upgrade version 2.0.0 to version 2.0.1, which resolves the issue.
As a temporary workaround, avoid adding bots to servers with the applications.commands scope but without the bot scope until the patch is applied. This only covers invite links the operator controls; a public bot can still be authorized by a third party with a URL that requests applications.commands alone, so upgrading is the effective fix.
There are currently no other recommended workarounds.
Exploit
Fix
Weakness
CWE-284: Improper Access Control
CWE-862: Missing Authorization
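Two checks that follow from the recommendations above, written here as an added Python example (not code from the advisory or from py-cord itself): the first inspects a Discord OAuth2 authorization URL and reports whether it requests applications.commands without bot, which is the configuration the advisory describes; the second parses a py-cord version string and flags the affected release 2.0.0 against the 2.0.1 fix. The client_id in the sample URLs is a placeholder, and the pre-release handling in parse_version is a deliberate simplification rather than full PEP 440 parsing.

```python
from importlib import metadata
from urllib.parse import parse_qs, urlparse

# Affected and fixed releases as listed in the advisory (CVE-2022-36024).
AFFECTED_VERSION = (2, 0, 0)
FIXED_VERSION = (2, 0, 1)


def parse_version(text):
    """Split a version string into (numeric_tuple, suffix).

    '2.0.1'    -> ((2, 0, 1), '')
    '2.0.0rc1' -> ((2, 0, 0), 'rc1')
    Only the digit prefix of each dotted segment is numeric; everything from
    the first non-digit onward is returned as the suffix. This is a
    simplification of PEP 440, not a full implementation.
    """
    nums, suffix = [], ""
    for piece in text.strip().split("."):
        i = 0
        while i < len(piece) and piece[i].isdigit():
            i += 1
        nums.append(int(piece[:i] or 0))
        if i < len(piece):
            suffix = piece[i:]
            break
    while len(nums) < 3:  # treat '2.0' like '2.0.0'
        nums.append(0)
    return tuple(nums), suffix


def is_affected(version):
    """True only for the exact release the advisory names: 2.0.0 with no pre-release tag."""
    nums, suffix = parse_version(version)
    return nums == AFFECTED_VERSION and suffix == ""


def installed_py_cord_version():
    """Version of the installed py-cord distribution, or None if it is not installed."""
    try:
        return metadata.version("py-cord")
    except metadata.PackageNotFoundError:
        return None


def oauth_scopes(invite_url):
    """Scopes requested by a Discord OAuth2 authorization URL.

    Discord separates scopes with spaces, which appear as '%20' or '+' in the
    query string; parse_qs decodes both back to a space.
    """
    query = parse_qs(urlparse(invite_url).query)
    return set(query.get("scope", [""])[0].split())


def invite_lacks_bot_scope(invite_url):
    """True when the URL requests applications.commands but not bot.

    With that combination the bot's slash commands become usable in the server
    while the bot user itself is never added as a member, which is the
    condition the advisory describes.
    """
    scopes = oauth_scopes(invite_url)
    return "applications.commands" in scopes and "bot" not in scopes


# Constructed sample URLs; 123456789012345678 is a placeholder client_id.
SAFE_INVITE = ("https://discord.com/api/oauth2/authorize"
               "?client_id=123456789012345678&permissions=0"
               "&scope=bot%20applications.commands")
RISKY_INVITE = ("https://discord.com/api/oauth2/authorize"
                "?client_id=123456789012345678&scope=applications.commands")


if __name__ == "__main__":
    for url in (SAFE_INVITE, RISKY_INVITE):
        print("lacks bot scope:", invite_lacks_bot_scope(url), "<-", url)
    found = installed_py_cord_version()
    if found is None:
        print("py-cord is not installed in this environment")
    elif is_affected(found):
        print(f"py-cord {found} is the affected release; upgrade to 2.0.1")
    else:
        print(f"py-cord {found} is not the affected release")
```

Run the module directly to check the environment the bot runs in; point invite_lacks_bot_scope at the invite link you actually publish. Remember that a passing URL check says nothing about links other people construct, which is why the version check is the one that matters.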
Affected Products
Py-Cord