CVE-2022-36024

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-36024

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-36024.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-36024

Aliases

Published

2022-08-18T14:45:17Z

Modified

2025-10-21T19:33:50Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Bots using py-cord as discord api wrapper are vulnerable to shutdowns through remote code execution

Details

py-cord is a an API wrapper for Discord written in Python. Bots creating using py-cord version 2.0.0 are vulnerable to remote shutdown if they are added to the server with the application.commands scope without the bot scope. Currently, it appears that all public bots that use slash commands are affected. This issue has been patched in version 2.0.1. There are currently no recommended workarounds - please upgrade to a patched version.

Database specific

{
    "cwe_ids": [
        "CWE-284",
        "CWE-862"
    ]
}

References

CVE-2022-36024

Affected packages

Git /

Affected ranges