CVE-2021-29465

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-29465

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-29465.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-29465

Related

GHSA-6pp2-rpj3-jcjx

Published

2021-04-22T01:15:07Z

Modified

2025-01-14T09:03:31.212995Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Discord-Recon is a bot for the Discord chat service. Versions of Discord-Recon 0.0.3 and prior contain a vulnerability in which a remote attacker is able to overwrite any file on the system with the command results. This can result in remote code execution when the user overwrite important files on the system. As a workaround, bot maintainers can edit their setting.py file then add < and > into the RCE variable inside of it to fix the issue without an update. The vulnerability is patched in version 0.0.4.

References

https://github.com/DEMON1A/Discord-Recon/security/advisories/GHSA-6pp2-rpj3-jcjx

Affected packages

Git / github.com/demon1a/discord-recon

Affected ranges

Type: GIT
Repo: https://github.com/demon1a/discord-recon
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

16206b1e4e03433312917589bbb8b01ddf930fb1

Affected versions

0,0.*

0,0.3

0.*

0.0.1

0.0.2