CVE-2021-29466

Summary

Discord-Recon is a bot for the Discord chat service. In versions of Discord-Recon 0.0.3 and prior, a remote attacker is able to read local files from the server that can disclose important information. As a workaround, a bot maintainer can locate the file app.py and add .replace('..', '') into the Path variable inside of the recon function. The vulnerability is patched in version 0.0.4.

Affected Software

VendorProductVersion RangeStatus
DEMON1ADiscord-Recon<= 0.0.3affected

Weaknesses

  • CWE-24: CWE-24 Path Traversal: '../filedir'

ADP Enrichment

CVE Program Container

Additional References

References