CVE-2022-36024

Опубликовано: 18 авг. 2022

Источник: nvd

CVSS3: 7.5

CVSS3: 6.5

EPSS Низкий

Описание

py-cord is a an API wrapper for Discord written in Python. Bots creating using py-cord version 2.0.0 are vulnerable to remote shutdown if they are added to the server with the application.commands scope without the bot scope. Currently, it appears that all public bots that use slash commands are affected. This issue has been patched in version 2.0.1. There are currently no recommended workarounds - please upgrade to a patched version.

Ссылки

https://github.com/Pycord-Development/pycord/pull/1568
Patch
Third Party Advisory
https://github.com/Pycord-Development/pycord/security/advisories/GHSA-qmhj-m29v-gvmr
Third Party Advisory
https://github.com/Pycord-Development/pycord/pull/1568
Patch
Third Party Advisory
https://github.com/Pycord-Development/pycord/security/advisories/GHSA-qmhj-m29v-gvmr
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pycord_development:pycord:2.0.0:*:*:*:*:discord:*:*

EPSS

Процентиль: 50%

0.00266

Низкий

7.5 High

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-284

CWE-862

Связанные уязвимости

GHSA-qmhj-m29v-gvmr

CVSS3: 7.5

github

больше 3 лет назад

Bots using py-cord as Discord API wrapper are vulnerable to shutdowns through remote code execution

EPSS

Процентиль: 50%

0.00266

Низкий

7.5 High

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-284

CWE-862