Описание
Kennnyshiwa-cogs contains cogs for Red Discordbot. An RCE exploit has been found in the Tickets module of kennnyshiwa-cogs. This exploit allows discord users to craft a message that can reveal sensitive and harmful information. Users can upgrade to version 5a84d60018468e5c0346f7ee74b2b4650a6dade7 to receive a patch or, as a workaround, unload tickets to render the exploit unusable.
Ссылки
- PatchThird Party Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2021-05-05 (исключая)
cpe:2.3:a:kennnyshiwa-cogs_project:kennnyshiwa-cogs:*:*:*:*:*:*:*:*
EPSS
Процентиль: 54%
0.00317
Низкий
6.5 Medium
CVSS3
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-94
NVD-CWE-noinfo
EPSS
Процентиль: 54%
0.00317
Низкий
6.5 Medium
CVSS3
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-94
NVD-CWE-noinfo