Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-21624

Опубликовано: 09 фев. 2024
Источник: nvd
CVSS3: 5.7
CVSS3: 6.5
EPSS Низкий

Описание

nonebot2 is a cross-platform Python asynchronous chatbot framework written in Python. This security advisory pertains to a potential information leak (e.g., environment variables) in instances where developers utilize MessageTemplate and incorporate user-provided data into templates. The identified vulnerability has been remedied in pull request #2509 and will be included in versions released from 2.2.0. Users are strongly advised to upgrade to these patched versions to safeguard against the vulnerability. A temporary workaround involves filtering underscores before incorporating user input into the message template.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:nonebot:nonebot:*:*:*:*:*:*:*:*
Версия от 2.0.1 (включая) до 2.2.0 (исключая)
cpe:2.3:a:nonebot:nonebot:2.0.0:-:*:*:*:*:*:*
cpe:2.3:a:nonebot:nonebot:2.0.0:alpha16:*:*:*:*:*:*
cpe:2.3:a:nonebot:nonebot:2.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:nonebot:nonebot:2.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:nonebot:nonebot:2.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:nonebot:nonebot:2.0.0:beta4:*:*:*:*:*:*
cpe:2.3:a:nonebot:nonebot:2.0.0:beta5:*:*:*:*:*:*
cpe:2.3:a:nonebot:nonebot:2.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:nonebot:nonebot:2.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:nonebot:nonebot:2.0.0:rc3:*:*:*:*:*:*
cpe:2.3:a:nonebot:nonebot:2.0.0:rc4:*:*:*:*:*:*

EPSS

Процентиль: 49%
0.00262
Низкий

5.7 Medium

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-200
NVD-CWE-noinfo

Связанные уязвимости

github логотип

GHSA-59j8-776v-xxxg

CVSS3: 5.7
github
почти 2 года назад

NoneBot Potential Information Leak in User-Constructed Message Templates

EPSS

Процентиль: 49%
0.00262
Низкий

5.7 Medium

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-200
NVD-CWE-noinfo