PT-2024-18976 · Nonebot2 · Nonebot2
Mnixry · Published 2024-02-09 · Updated 2024-03-03 · CVE-2024-21624
CVSS v3.1: 5.7 Medium
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: nonebot2 versions prior to 2.2.0
Description: This issue is a potential information leak (for example, of environment variables) that arises when developers use MessageTemplate and incorporate user-provided data into templates. The estimated number of potentially affected devices worldwide is not specified, and there is no information about real-world incidents in which this issue was exploited. Technically, the problem is that user-provided data incorporated into a MessageTemplate is treated as part of the template rather than as plain content, which can lead to information leaks.
Recommendations: For nonebot2 versions prior to 2.2.0, upgrade to version 2.2.0 or later to safeguard against the vulnerability. As a temporary workaround, filter underscores out of user input before incorporating it into a MessageTemplate to minimize the risk of exploitation.
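As an added illustration of the recommended workaround (this is example code, not nonebot2's own MessageTemplate), the following `string.Formatter` subclass enforces the "filter underscores" idea strictly: every replacement field must be a bare, whitelisted name, so attribute or index traversal and underscore-containing names are refused both before and during rendering. The class and helper names are assumptions for this example.

```python
import re
import string
from typing import Any, Iterable

# Assumed policy for this example: a field may only be a bare name with no
# underscore, dot or bracket, which is a strict form of the advisory's workaround.
FIELD_RE = re.compile(r"[A-Za-z][A-Za-z0-9]*")


class RestrictedTemplate(string.Formatter):
    """str.format-style renderer that refuses attribute/index traversal.

    "{user}" is fine; "{user.name}", "{user[0]}", "{_user}" and positional
    "{0}" are rejected, so untrusted template text cannot walk object attributes.
    """

    def __init__(self, allowed_fields: Iterable[str]) -> None:
        super().__init__()
        self.allowed_fields = frozenset(allowed_fields)

    def check_field(self, field_name: str) -> None:
        if not FIELD_RE.fullmatch(field_name) or field_name not in self.allowed_fields:
            raise ValueError(f"disallowed template field: {field_name!r}")

    def validate(self, template: str) -> None:
        """Reject a template before rendering; nested specs like {x:{w}} are checked too."""
        for _literal, field_name, format_spec, _conv in self.parse(template):
            if field_name is None:  # trailing literal text, no replacement field
                continue
            self.check_field(field_name)
            if "{" in format_spec:
                self.validate(format_spec)

    def get_field(self, field_name: str, args: Any, kwargs: Any) -> tuple[Any, str]:
        # Enforced again at render time, so format() stays safe if validate() is skipped.
        self.check_field(field_name)
        return kwargs[field_name], field_name


def is_safe_template(template: str, allowed: Iterable[str]) -> bool:
    try:
        RestrictedTemplate(allowed).validate(template)
    except ValueError:  # malformed braces or a disallowed field
        return False
    return True


def render_untrusted(template: str, **values: Any) -> str:
    """Render user-influenced template text using only the given named values."""
    fmt = RestrictedTemplate(values.keys())
    fmt.validate(template)
    return fmt.format(template, **values)
```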

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2024-21624
GHSA-59J8-776V-XXXG
PYSEC-2024-37

Affected Products

Nonebot2