Vulnerability CVE-2021-29461


Published: 2021-04-20   Modified: 2021-04-21

Description:
### Impact
- This issue could be exploited to read internal files from the system and write files into the system, resulting in remote code execution.

### Patches
- This issue has been fixed in version 0.0.3 by adding a regex that validates whether there are any arguments on the command and disallows execution if there is an argument.

### Workarounds
- To fix this issue on your side, upgrade discord-recon. If you're unable to do that, copy the code from `assets/CommandInjection.py` and overwrite your code with the new one. That's the only code required.

### Credits
- All of the credits for finding these issues on discord-recon go to Omar Badran.

### For more information
If you have any questions or comments about this advisory:
* Email us at [mdaif1332@gmail.com](mailto:mdaif1332@gmail.com)
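The kind of check the Patches section describes, sketched as an added example; this is not the code from `assets/CommandInjection.py` or anything else in the discord-recon project. The function names, the two regexes and the sample inputs are assumptions made for illustration. It also goes one step beyond the advisory by building an argv list so that no shell ever parses the input.

```python
import re

# Assumed allow-list: a single hostname-like target and nothing else.
TARGET_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")
# A token that begins with '-' (at the start or after whitespace) would be
# parsed by the wrapped tool as an option rather than as a target.
OPTION_RE = re.compile(r"(?:^|\s)-")


def contains_argument(user_input: str) -> bool:
    """Return True if the text would hand the tool an option token."""
    return OPTION_RE.search(user_input) is not None


def build_argv(tool: str, user_input: str) -> list[str]:
    """Validate a bot command's input and return an argv list.

    The list is meant for subprocess.run(argv, shell=False), so the input
    is never interpreted by a shell. Raises ValueError on rejected input.
    """
    text = user_input.strip()
    if contains_argument(text):
        raise ValueError("arguments are not allowed in the target")
    if not TARGET_RE.fullmatch(text):
        raise ValueError("target is not a plain hostname")
    return [tool, text]


def check_samples() -> dict[str, bool]:
    """Run the validator over constructed inputs; True means accepted."""
    samples = [
        "example.com",                      # plain target
        "sub-domain.example.com",           # inner hyphen is not an option
        "example.com --some-option value",  # option smuggled after target
        "-x example.com",                   # option in first position
        "example.com other.example",        # second positional value
    ]
    results = {}
    for sample in samples:
        try:
            build_argv("dig", sample)  # "dig" is only a placeholder tool
            results[sample] = True
        except ValueError:
            results[sample] = False
    return results


if __name__ == "__main__":
    for text, accepted in check_samples().items():
        print(f"{'accept' if accepted else 'reject'}  {text!r}")
```

Checking the whole string with `fullmatch` against an allow-list is what rejects the last sample, which an option-only regex would let through.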

Type:

CWE-94

(Improper Control of Generation of Code ('Code Injection'))

 References:
https://github.com/DEMON1A/Discord-Recon/security/advisories/GHSA-3m9v-v33c-g83x

Copyright 2024, cxsecurity.com

 
