CVE-2023-28102

Name of the Vulnerable Software and Affected Versions discordrb versions prior to commit 91e13043ffa

Description The discordrb library, an implementation of the Discord API using Ruby, has a command injection issue due to the unsafe construction of a shell string using the file parameter in the encoder.rb file. This can potentially leave clients of discordrb vulnerable to command injection if user input is passed to the vulnerable method. An attacker can execute arbitrary shell commands on the host machine, with the full impact depending on the permissions of the process running the discordrb library.

Recommendations For discordrb versions prior to commit 91e13043ffa, update the library to a version that includes the fix for this issue, once it is available. As a temporary workaround, consider restricting the use of the vulnerable method to minimize the risk of exploitation. Avoid passing user input to the vulnerable method in the encoder.rb file until the issue is resolved.