CVE-2021-29465
published 2021-04-22CVE-2021-29465: Discord-Recon is a bot for the Discord chat service. Versions of Discord-Recon 0.0.3 and prior contain a vulnerability in which a remote attacker is able to…
PriorityP260critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.96%
77.8th percentile
Discord-Recon is a bot for the Discord chat service. Versions of Discord-Recon 0.0.3 and prior contain a vulnerability in which a remote attacker is able to overwrite any file on the system with the command results. This can result in remote code execution when the user overwrite important files on the system. As a workaround, bot maintainers can edit their `setting.py` file then add `` into the `RCE` variable inside of it to fix the issue without an update. The vulnerability is patched in version 0.0.4.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| demon1a | discord-recon | <= 0.0.3 | — |
| discord | discord-recon | < 0.0.4 | 0.0.4 |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No advisories linked to this vulnerability.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2021-04-22
Published